48% of enterprises' cyberattacks involve phishing or social engineering.

66% of CPS incidents include the compromise of human-machine interfaces (HMI) or supervisory control and data acquisition (SCADA) systems that control industrial processes.

Manufacturing experienced an average attack size of 11.6 Gbps, the largest across all industries.

Government’s share of total attacks increased from 5% to 12% year-over-year, with an average attack size of 5.5 Gbps.

50% of organizations cite workflow integration as the biggest barrier to deploying AI in the SOC.

11% of insider incidents exceed $2 million in remediation costs.

Organizations receive an average of 4,330 security alerts daily, but only 37% are detected and investigated.

For 25% of organizations, manual triage requires 214 hours per week, equivalent to 5.3 full-time employees.

60% of employees use AI daily or more, and 35% use AI multiple times a day.

50% of employees have granted AI access to work-related applications.

79% of organizations are notified of a threat by external third parties such as researchers, customers, or attackers before their own internal detection.

E-commerce and retail accounted for roughly 20% of agentic browser traffic.

Real estate accounted for 17% of agentic browser traffic in early 2026.

Travel and tourism accounted for 15% of agentic browser traffic in early 2026.

94% of organizations view cybersecurity as a primary business risk.

59% of organizations are increasing spending on cloud and third-party security.

80% of organizations increased cybersecurity budgets in 2026.

94% of U.S.-based cybersecurity leaders would still choose cybersecurity as a career.

Nearly half of Americans (about 49%) have either received an AI voice deepfake call or cannot distinguish one from a real call.

46% of people use a VPN, up from 42%.