31% of Canadians are now more likely to open a financial account online than they were a year ago.

30% of Canadians rank good fraud protection as one of the top three considerations when selecting a new account, while 71% rank it in their top three overall.

9 in 10 UK organisations tested elements of their recovery capabilities in the last 12 months, which is a significant increase from previous years.

Just 17% of UK organisations paid the ransom following a ransomware attack.

In real-world situations within the private sector, if a ransom payment ban were to take hold, 15% of UK business leaders said they would be neither likely nor unlikely to comply with such a ban.

The countries with the largest number of active threat actor groups are: China: 20 groups, Russia: 11 groups, North Korea: 9 groups, and Iran: 6 groups.

4.4% of KEVs are in a deferred status by NIST, meaning they are no longer maintained or updated

13% of organisations reported breaches of AI models or applications.

Just 27% of organisations enforce a least privilege access model.

Organisations self-identifying as "Established" in their identity posture follow 5.1 best practices.

64% of organizations experience mission-critical workflow disruptions or failures.

58% of organizations suffer data center downtime due to workflow failures.

Nearly half of organizations (48%) are not prepared to confront the urgent challenges posed by quantum computing.

There was a significant reduction in the number of organisations that planned to invest in security following a breach: 49% in 2025 compared to 63% in 2024.

71% of UK organisations experienced a cyber attack in the past year.

Organisations using AI and automation extensively throughout their security operations saved an average of $1.9 million in breach costs.

62% of Canadians report they either like or have a strong preference to use fingerprints for security.

Organisations that detected a breach internally observed a $900,000 savings on breach costs compared to those disclosed by an attacker.

6% of Canadians reported their stolen identity was used by a criminal to open a financial account (approximately 8 million victims), an increase from 5% in 2023 and 5.6% in 2020.

32.1% of vulnerabilities (Known Exploited Vulnerabilities - KEVs) had exploitation evidence on or before the day of their CVE disclosure, often indicating zero-day exploitation. This marks an 8.5% increase in the percentage of KEVs exploited on or before disclosure compared to 23.6% in 2024.