43% of employees are worried about AI-driven data exposure or attacks.

Time-to-exploit (TTE) is 24–48 hours for critical outbreaks, compared to 4.76 days previously.

Impersonation breaches or attacks were significantly down among charities compared with the previous two years (7% this year down from 11% in 2024/2025 and 12% in 2023/2024).

51% of small business owners say business owners themselves are "very responsible" for preventing and protecting against fraud.

Software spending is forecast to reach $1.44362 trillion in 2026, growing 15.1% year-over-year.

Spending growth in GenAI model development is forecast to more than double year-over-year.

Only 25% of UK IT decision makers report having strong governance frameworks for agentic AI.

27% of organisations say digital resilience plans and strategies are reviewed regularly by boards

41% of CIOs say incident response times have worsened.

30% of CIOs identify phishing as a dominant threat.

Nearly half of IT and security leaders expect agentic systems to drive the majority of attacks in the coming year.

Only 23% of IT and security leaders report full visibility into the AI agents operating in their environments.

Nearly nine in ten IT and security leaders express concern about meeting recovery objectives as agent-driven threats increase.

44% of enterprises report low or no confidence in their ability to detect AI agent-specific threats.

Ransomware victim post rates averaged approximately 150–200 per week in Q1 2026 and remained steady quarter-over-quarter and year-over-year.

62% of IT professionals report difficulty trusting AI recommendations.

IT professionals see their roles as 41% more complex compared to two years prior.

71% of IT professionals report needing to double-check AI outputs.

83% of IT professionals agree AI is only as effective as the data it can see.

67% of IT professionals report at least moderate fragmentation in their IT environments.