49% of CISOs say that buyers now factor application security (AppSec) into purchasing decisions.

The global average baseline PPP before training was 33.1%. This means approximately one-third of employees interact with phishing simulations before undergoing best-practice security awareness training.

There has been a 3.5% decrease in the global baseline PPP within a year (from 2024 to 2025), highlighting a positive shift in overall security awareness worldwide.

Manufacturers (62%) are already deriving more benefits from AI than other sectors.

Over 50% of manufacturing and automotive decision-makers see cybersecurity as their top network challenge.

The human attack rate saw only a marginal (1%) increase in 2024.

88% of executives had interior photos or floor plans available

57% of senior network decision-makers in manufacturing and automotive industries do not believe that AI has been overhyped and state that they are already seeing real benefits across their businesses.

One in nine (11%) password reset attempts in 2024 was a fraud attack. This rate rose to over one in four (27%) reset attempts initiated on a desktop computer.

24% of respondents indicated that application security is “always” a factor in purchasing decisions.

Small and mid-sized businesses (SMBs) in the $4M-$8M range were the most frequently targeted.

Ransomware was responsible for 67% of known third-party breaches.

In Europe, 58% of respondents report that security is “always” a factor in purchasing decisions.

Account takeover (ATO) fraud represents a further 27% of global reported fraud. This is down by ~2% year on year.

56% of organisations say that most of their development teams are fully integrated with AppSec programmes.

62% of CISOs report AppSec metrics to their board.

In organisations developing software-based products, responsibility is split: 50% of organisations assign security responsibility to CISOs, while 43% move security oversight to development teams.

There has been a 123% increase in ransomware attacks over two years.

75% of organizations require employees to complete security awareness training at least quarterly.

98% of company executives had property addresses publicly linked to their name.