Only 13% of CISOs in the study said they were consulted early when urgent strategic decisions were being made.

41% of respondents are in the process of simplifying their tech platform.

98% of organizations plan to expand their adoption of AI agents.

95% of software weaknesses are directly attributable to open-source code.

"Secure Creators" (organizations with more advanced cybersecurity functions than their peers) require smaller budgets — 10% smaller on average — and are less likely to cite budgets as a key challenge.

74% of respondents reported they invested savings from optimization, automation, and outsourcing to address control weakness.

46% of respondents used savings from optimization, automation, and outsourcing to increase coverage of the attack surface.

"Secure Creators" (organizations with more advanced cybersecurity functions than their peers) were more likely to have positively impacted how external stakeholders perceive their brand (72% vs. 56% of Prone Enterprises).

Nearly a third (29%) of teams still lack the tools and processes needed to analyze SBOMs for vulnerabilities.

61% of manufacturing respondents expect improved real-time threat detection and response as the benefit AI adoption in remote access security.

Individual breached records surged by more than 186%, revealing sensitive information such as passwords, emails, and credit card details.

Generic scams accounted for 51% of reports submitted to the Norton Genie scam detector.

88% of manufacturers authorize remote third-party access to OT environments.

67% of manufacturers cited improved third-party collaboration as the top benefit of secure remote access.

55% of respondents say AI agents making decisions based on inaccurate or unverified data is a factor contributing to AI agents as a security risk.

For each initiative that involves cybersecurity, the median value creation figure is US$36m. This figure varies significantly by organization size, ranging from a median of US$11m per project for organizations with US$1b-US$4.9b in revenue, up to US$154m for companies with US$20b or more in annual revenue6.

"Secure Creators" (organizations with more advanced cybersecurity functions than their peers) were more likely to help other business functions implement AI than "Prone Enterprises" (48% vs. 31%).

Reports of phishing scams rose by a staggering 466% compared to the previous quarter.

Phishing now makes up nearly 32% of all scam submissions to the Norton Genie scam detector platform.

35% of security professionals said data security and privacy risks was the most pressing or high-stakes issue AI creates for organizations today.