57% of North American organizations say they are prepared for software supply chain attacks.

56% of hotel IT and security executives identified guest Wi-Fi as a most vulnerable guest-facing technology.

Only 5% of 2025 organisations in the critical sector stated that OT security is owned by the VP or lower, compared to 59% in 2022.

66% of hotels are investing in VPNs.

80% of organisations in the critical sector that haven't done so already plan to consolidate OT cybersecurity under the CISO in the next 12 months.

40% of CEOs believe that the biggest security risk the organization faces today is from the software supply chain, compared with 29% of CIOs and 27% of CTOs.

72% of hotel IT and security executives identified payment systems and point-of-sale (POS) technology as the most vulnerable guest-facing technology.

32% of hotel IT and security leaders say a significant increase in credit card transactions will increase their cybersecurity risk during the busy travel season.

In early December 2024, a criminal on an underground forum was offering a tutorial and playbook for KYC bypass services, including: a licensed version of VcamPro aka Vcam virtual Android camera application, a fake iPhone Camera application for iOS versions 15 and 16, and private deepfake video tool that requires a GeForce RTX 2070 graphics card or more advanced technology.

51% of respondents have over 250 over-privileged Entra applications with read-write permissions, which poses significant security risks. This contributes to "Privilege Risks," as the increasing number of applications escalates security risks, necessitating tighter governance over permissions.

Higher audio quality deepfake synthesis services typically cost upwards of $1,000 a month, but many platforms offer decent output starting at just $5.

67% of European organizations are investing in enhanced software supply chain security, which is the highest of all regions.

16% of hotel IT and security leaders struggle to fill cybersecurity job vacancies.

In North America, the top three risks for organizations are third-party software distribution channels (49%), third-party risk management (48%), and unsupported software (48%).

99.9% of Microsoft account compromises occur in accounts lacking Multi-Factor Authentication (MFA).

48% of hotel IT and security executives are not confident in their staff's ability to reliably identify and respond to sophisticated AI-driven cyberattacks and deepfakes.

80% of organizations that report very low visibility across the software supply chain have suffered a security breach in the past 12 months.

Many audio deepfake services offer one-shot voice generation, requiring just a few seconds of source material.

The first deepfake audio-enabled CEO scam occurred in 2019.

Over 95% of the surveyed organisations in the critical sector have elevated OT security to the C-suite level since 2022.