Half (50%) of the respondents said DORA requirements have been integrated into their broader resilience programs.

Over a third (more than 33.3%) of financial services organizations named third-party oversight the most challenging DORA requirement to implement.

22% of financial services organizations felt that DORA’s design could have been improved to aid compliance

The average application is targeted by attackers once every 3 minutes.

IT teams spend 3.5 hours per printer per month managing hardware and firmware security issues.

24% of financial services organizations have not established recovery and continuity testing (a DORA requirement).

94% of organizations surveyed now rank DORA higher in their organizational priorities than they did in the month before the deadline.

23% of financial services organizations have not conducted digital operational resilience testing (a DORA requirement).

24% of financial services organizations have not implemented incident reporting (a DORA requirement).

1-in-4 (25%) of IT and security decision-makers believe it’s necessary to physically destroy printer storage drives.

54% of IT and security decision-makers fail to request technical documentation to validate security claims.

There are nearly twice as many identity verification users aged 60–64 as there are aged 20–24, suggesting older adults are both highly targeted and proactive in self-protection.

Internal-themed topics accounted for 98.4% of the top 10 most-clicked email templates in the phishing simulations.

55% of IT and security decision-makers fail to submit vendor responses to security teams for review.

Only 38% of IT and security decision-makers say procurement, IT, and security collaborate to define printer security standards during the Supplier Selection & Onboarding stage.

Subscription prices for generative AI tools like FraudGPT and WormGPT, marketed for illicit uses such as phishing and malware creation, start for as little as $200 per month.

Personally identifiable information (PII) comprised 17.8% of sensitive data exposed through employee use of Chinese GenAI tools at work.

Mergers & acquisitions data accounted for 18.2% of sensitive data exposed through employee use of Chinese GenAI tools at work.

Organisations that implement light-touch guardrails and nudges, rather than blanket blocking of Chinese GenAI tools, have seen up to a 72% reduction in sensitive data exposure, while increasing AI adoption by as much as 300%.

On average, applications contain 30 serious vulnerabilities.