11% of enterprises automatically block actions when AI agents exceed their scope.

63% of enterprises use action risk as a primary signal for governing AI agent behavior.

66% of enterprises have clear guardrails for defining AI agent boundaries.

52% of IT and security leaders have doubts about whether their recovery plans cover agentic AI scenarios.

32% of AI/LLM findings are rated as high risk, nearly 2.7x the overall high-risk rate of 12%.

61% of security professionals want a "strategic pause" to calibrate defenses against AI-driven threats, up from 48% last year.

97% of security professionals state they are adding AI capabilities to their software and services.

In 2025, AI generated 82.6% of phishing content.

In 2025, nearly 50,000 new vulnerabilities were disclosed with an average CVSS score of 6.6.

In 2025, total ransomware payments fell 23%.

Two-thirds of CIOs say employee training on AI risk management is insufficient.

8% of enterprises say AI agents never exceed their intended permissions.

HIPAA (43%), the NIST AI Risk Management Framework (37%), and SOC 2 or ISO 27001 (34%) are the frameworks that most influence enterprises' AI agent governance.

49% of enterprises feel slightly or not at all prepared for upcoming AI-related regulations.

Akira ransom demands averaged $1.2M, which is 50% higher than the non-Akira average.

Two-thirds of Akira attacks in 2025 occurred on nights or weekends.

In 2025, one in three ransomware claims triggered business interruption coverage.

Ransomware claims that triggered business interruption coverage averaged $510K in severity, compared to $168K for ransomware claims without business interruption.

67% of UK IT decision makers report having a defined exit strategy if their primary AI provider were to restrict service access.

43% of UK organisations with a defined exit strategy still expect a moderate or significant impact on business continuity if their primary AI provider restricts service access.