Ransomware victims concentrate geographically with the U.S. at 3,381, Canada at 374, and Germany at 291.

Global exploitation attempts increased 25.49% year-over-year.

The proportion of charities experiencing a takeover has decreased from 3% in 2024/2025 to 1% this year (although was in line with 2% in 2023/2024).

Around eight in ten businesses (81%) and charities (84%) said they informed directors or trustees following an incident, and 62% of businesses and 73% of charities said they kept an internal record of the incident.

40% of affected small businesses say fraud hurts customer acquisition.

Among small businesses already targeted, 76% say AI was used in the attack.

51% of small business owners say payment platforms are "very responsible" for preventing and protecting against fraud.

30% of enterprises name AI governance and risk management as their top AI security challenge.

Vendor email compromise accounts for 61% of all business email compromise attacks.

Healthcare organizations are being hit by cyberattacks about every 10 hours.

Medical records sell for $250 to $1,000 each on illicit markets.

99% of organizations have formal incident response plans.

63% of organizations expect to embed AI as a baseline capability in day-to-day security operations by 2027.

Claude Opus 4.6 identified exploitable RCE vulnerabilities in 3 of 5 runs.

Phishing accounts for 58% of all attacks.

Third-party liability claims jumped 70% in 2025.

40% of CIOs use explainability mechanisms for AI.

48% of CIOs maintain AI audit trails and logging.

94% of CIOs report a cybersecurity skills shortage.

62% of CIOs say employees jeopardise data security through AI use.