Fewer than half of organizations monitor cybersecurity across even 50% of their nth-party supply chains.

Of attempted misuse attempts that involved financial accounts, 14% involved checking accounts.

New types of scams reported included toll road scams, which accounted for 3% of all reported scams.

Healthcare reported the lowest median ransom payment at $150,000.

For attempted misuse, thieves tried to open a new account (69%) more often than attempting to take over an existing account (31%).

Google Voice scams decreased by 84 percentage points and made up 9% of all scam reports.

There was a 754-percentage-point increase in reports of account takeover involving tech accounts.

Germany reported the highest difficulty with tool complexity at 41%.

33% of respondents are still not conducting regular security assessments, including penetration testing, for their Large Language Model (LLM) deployments.

20.3% of respondents view AI-powered malware as an extremely significant risk. This concern for AI-powered malware climbs to 25% among senior management, compared to just 15% of middle management.

Only 18% took more than a month to recover from a ransomware attack, down from 34% in 2024

One in four (25%) flagged compliance navigation as their biggest challenge with security solutions.

Fraud is a particular concern among Americans age 65 and older, with 69.9% extremely or very concerned.

The top methods of identity compromise reported were due to PII being shared in a scam, stolen documents with personal information, and unauthorized access to a computer or mobile device.

When asked about the most concerning threats, 51% cited AI-generated threats (e.g., deepfakes, automated malware, malicious code).

The retail and e-commerce sector experienced a multi-month attack where fraudulent sign-ups outnumbered legitimate ones by 120 times.

Over half (53%) of organisations fully recovered from a ransomware attack in a week, up from 35% last year.

Across all industries, there was a 700% global increase in deepfake fraud between Q1 2024 and Q1 2025.

In 2024, an average of 46% of all registration attempts across the Auth0 platform were identified as signup attacks.

Overall, 63% of organisations cited resourcing issues as a contributing factor to falling victim to a ransomwre attack.