81% of interactive (hands-on-keyboard) intrusions were malware-free.

Users are downloading resources from Hugging Face at a majority (67%) of organisations.

Impersonation is the most common technique in BEC scams, with 82% of attempts targeting CEOs and executives.

Organisations are now using approximately 15 genAI apps, up from 13 in February 2025.

Grok has entered the top 10 most-used applications for the first time.

The United States accounted for over half of all ransomware victims in H1 2025.

22% of organisations are utilising Amazon Bedrock.

47% of newly exploited vulnerabilities were originally published before 2025.

Zero-day exploitation increased 46% in H1 2025.

Published vulnerabilities rose 15% in H1 2025.

45% of published vulnerabilities in H1 2025 were rated high or critical.

CVEs added to CISA KEV jumped 80% in H1 2025.

Grok remains in the top 10 most-blocked apps list

Clop ransomware experienced a 2,300% increase in victim claims, which was driven by the exploitation of a vulnerability in Cleo software.

The healthcare sector experienced an average of two healthcare breaches per day in the first half of 2025.

51% of threat actor updates in H1 2025 were attributed to cybercriminals, such as ransomware groups.

There were 10.53 billion visits to AI sites recorded in January 2025.

Web traffic to GenAI sites increased by 50%, from 7 billion visits in February 2024 to 10.53 billion in January 2025.

80% of AI access happens via browsers.

7.2% of organisations are utilising Google Vertex AI.