Only 4% of organizations worldwide have achieved a 'Mature' level of cybersecurity readiness. This is a slight increase from last year's Index, in which 3% of organizations worldwide were designated as Mature.

84% of organizations face increased security risks as employees access networks from unmanaged devices within hybrid work models.

There was a 25% increase in ransomware attacks in 2024.

Over 50% of respondents cited difficulty coordinating across teams when it came to DDoS attacks.

There was a 53% increase in the number of ransomware group leak sites in 2024.

Only 45% allocate more than 10% of their IT budget to cybersecurity. This allocation is down 8% year-over-year.

Over 77% of organizations report that their complex security infrastructures are impeding their ability to respond swiftly and effectively to threats. These infrastructures are often dominated by the deployment of more than ten point security solutions

29% of BEC events resulted in funds transfer fraud in 2024.

68% reported challenges demonstrating the ROI of DDoS protection to leadership

36% of CISOs reported unplanned downtime following a breach.

30% of CISOs cited data exposure following a breach.

59% of enterprises have adopted at least one new security solution at the request of their cyber insurance provider.

Akira ransomware was the most prolific variant for Coalition policyholders, accounting for 13% of ransomware claims in 2024.

FTF (funds transfer fraud) claims frequency decreased by 2% YoY.

Although the amounts paid by UK ransomware victims continued to rise in 2024, extortion negotiations involving ransomware experts remained generally effective, often resulting in reductions of over 60% from the initial demands to the final payment.

Data breaches accounted for 17% of claims. This includes hostile and accidental external breaches, but excludes extortion.

Nearly half of organizations (49%) suffered cyberattacks in the last year.

Only 49% of respondents are confident their employees fully understand AI related threats.

60% of organizations lack confidence in detecting unregulated AI deployments (shadow AI).

96% of organizations are making changes to their IT environment at least quarterly