43% of small healthcare organisations reported experiencing a phishing or spoofing incident in the past year.

In 2025, only 36% of organizations feel confident in their ability to support large-scale genAI workloads and data volumes.

90% of organisations have budgets allocated to PQC preparedness initiatives within the next 12 months.

A coordinated fraud ring stole identities from Texas death row inmates.

Solara Medical faced a $9.76 million class-action settlement following a phishing attack.

91% of the security profession believe ultimate responsibility for security lies with the board.

78% of businesses are investing in GenAI.

Only 31% believe ultimate responsibility for security lies with security managers or CISOs.

61% of UK organisations have created defined runbooks, roles, and processes for incident responses, which is ahead of the global average of 41%.

42 countries experienced their first ransomware incidents between July 2024 and June 2025.

78% of organizations plan to increase investment in genAI.

85% of organizations describe their cybersecurity posture as reactive.

56% say senior management should face consequences such as sanctions, prosecutions, or fines for serious cyber incidents.

Only 36% of UK organisations strongly believe that they should prioritise the minimum viability approach.

93% of UK businesses have experienced a business-critical cyber incident.

Only 7% of the UK businesses surveyed reported never having experienced a "business-critical" incident, which is less than the 14% reported for the rest of the world.

65% of UK organisations have an inventory of business-critical systems and dependencies, which is ahead of the global average of 50%.

A historic peak of over 1,000 recorded ransomware incidents occurred in February 2025 alone.

ChatGPT generates the most real-time traffic to websites, with 98% of fetcher bot requests attributable to OpenAI’s bots

The United States remained the primary target, accounting for 47% of known ransomware attacks.