Monthly volatility in ransomware attacks increased 50% year-over-year.

UK organisations are 21% less likely to have a dedicated environment in which to recover compared to other countries.

The number of active ransomware groups has doubled over the last three years.

Only 36% of organizations say they are ready to support large-scale AI workloads.

More than 80% of small healthcare practices expressed confidence in their current HIPAA compliance posture.

83% of small healthcare practices believe patient consent removes the need for encryption.

The top ten ransomware groups now account for only 50% of attacks, which is down from 69% previously.

Demand deposit accounts: High risk, with identity theft at 7.85% and synthetic fraud at 1.17%.

Nearly half of healthcare email breaches stem from Microsoft 365 alone.

73% of business executives warn that failing to adopt agentic AI could pose a competitive risk.

In 2025, healthcare breaches took an average of 224 days to detect and another 84 days to contain—making it over 10 months total.

Other consumer lending: The lowest fraud exposure, with 0.77% identity theft and 0.14% synthetic fraud.

Telecommunications experienced the highest overall fraud rates: 10.15% identity theft and 2.9% synthetic fraud.

Only 5% of organisations have fully automated certificate management.

64% of San Franciscans set up passkeys whenever available.

Vision Upright MRI faced a $5,000 fine plus two years of federal monitoring after a server breach exposed over 21,000 individuals' medical imaging records.

98% of organisations have or expect to experience challenges with PQC implementation.

41 new ransomware groups have emerged between July 2024 and June 2025.

Overall organisational readiness for both short-lived certificates and PQC remains critically low.

62% of Washington, D.C. area residents set up passkeys to protect their online accounts.