49% of IT leaders mistakenly believe that Microsoft automatically backs up their configurations, leaving them vulnerable in the event of a disaster.

Only 25% of organizations plan to prioritize engaging with software suppliers about security credentials in the next 12 months.

Only 46% of Level 0–2 critical sector organisations reported zero intrusions in the past year.

50% of critical sector organisations reported experiencing one or more cybersecurity incidents.

Only 23% of organizations are confident that they have very high visibility of their software supply chain.

The 6% of organizations with "very high visibility" of their software supply chain are a stark contrast to the 80% with "very low visibility" who suffered a breach.

A total of 68% of organizations report that media attention has elevated cybersecurity on the C-suite agenda.

In Europe, 51% of organizations say they are prepared for software supply chain attacks.

44% of organizations in APAC say they are prepared for software supply chain attacks.

68% of organizations face Microsoft 365 cyberattacks daily.

82% of North American hotels were hit with a successful cyberattack during summer 2024.

22% of hotel IT and security executives admitted that cybercriminals outpace their teams.

34% of hotel IT and security executives identified front desk systems as a most vulnerable guest-facing technology.

Last summer, 44% of hotels experienced more than 12 hours of downtime due to an attack.

34% of hotel IT and security leaders are worried about POS system attacks disrupting in-person transactions.

70% of hotels are investing in firewalls.

49% of IT leaders mistakenly believe that Microsoft automatically backs up their configurations, leaving them vulnerable in the event of a disaster.

Over 4,400 packages discovered in Q2 2025 were specifically designed to steal sensitive information, including secrets, personally identifiable information (PII), credentials, and API tokens.

Sonatype detected and logged 107 malicious components attributed to the Lazarus Group, a North Korea-linked Advanced Persistent Threat (APT), across both npm and PyPI in late Q2 2025.

There was 118 total funding and M&A cybersecurity transactions.