Organisations with strong asset visibility are 2.5 times more likely to communicate cyber risk effectively to the board

60% of organizations say security issues are more likely to delay product launches than feature bugs.

8 in 10 AppSec professionals are open to outside help.

Nearly all organisations (99%) assess vendor risk.

87% of security providers now offer compliance services.

62% of security professionals fear being fired following a breach.

47% of cybersecurity and cyber risk professionals report exhaustion (burnout).

Double extortion remains the most common approach.

Just 17% of organisations have tools to regularly map threats and contextualise them for full visibility.

Cybersecurity and cyber risk leaders at organizations with full threat visibility experience a significantly lower burnout rate of 44%.

Only 17% of organisations have the capability for continuous monitoring, despite it being a top priority.

Only a third of organisations monitor third-party relationships over time.

A new quadruple extortion tactic is being used in ransomware campaigns, which builds on double extortion by using distributed denial-of-service (DDoS) attacks to disrupt business operations and harassing third parties (like customers, partners, and media) to increase the pressure on the victim.

17% of security professionals believe termination is likely after a breach.

The percentage of breaches tied to third parties doubled from the previous year.

Nearly half the cryptomining attacks analysed by Akamai researchers targeted nonprofit and educational organizations.

90% of surveyed cybersecurity and cyber risk leaders find managing cyber risks harder today than five years ago.

The explosion of AI is cited by 39% of cybersecurity and cyber risk leaders as a reason for increased difficulty in managing cyber risks today vs five years ago.

1 in 5 organisations still admit their cyber practices are "immature".

Just 29% of organisations have a formal cyber program that is truly aligned with business objectives.