The presence of compliance teams in TPRM jumped from 42% in 2023 to 88% in 2025.

Lumma Stealer is now the top type of malware and accounts for over 25% of recorded infostealer attacks worldwide.

79% of organizations have expanded their risk management oversight to include data privacy.

70% of companies now actively monitor compliance as part of their risk surveillance.

64% of risk teams track business continuity to understand interdependent risk dynamics.

Lumma Stealer accounts for over 50% of infostealer attacks on the US SLED sector.

85% of risk managers identify cybersecurity as their most heavily monitored risk.

41% of organisations still rely on spreadsheets to assess third parties.

14% of TPRM programmes actively use Artificial Intelligence (AI).

The SLED sector (State and Local Government and Education) faced 60% of recorded anonymous attacks.

There were a total of 393 attacks globally in May. This marks the third consecutive month in which ransomware attacks have dropped.

Only 6% of security leaders rank securing non-human identities as their most difficult challenge.

50% of industrial organizations claim that supply chain threats and cybercriminal activity are their top security concern.

8% of industrial organizations claim that nation-state actors are their top security concern.

64% of industrial organizations classify their OT cybersecurity maturity as foundational.

Qilin dropped to third place with 42 attacks in May.

Asia experiencec 13% of all global attacks, with 49 incidents in May.

Europe experienced 29% of all global attacks, totalling 112 incidents, in May.

North America remains the hardest-hit region, accounting for 50% of all global attacks, which is 193 incidents in May.

9% of industrial organizations claim that zero-day vulnerabilities are their top security concern.