74% of the breach organisations did not list an attack vector in a breach notice.

63% of employees in the UK say they frequently use IT policy workarounds to “get the job done” and save time or effort.

Stolen credentials were the leading attack vector in 133 cyberattacks against publicly traded companies.

40% of states have enacted comprehensive privacy laws to better protect consumers.

Almost one-third (31.1% of CISOs) believe that their company’s resistance to change is primarily driven by financial matters.

19% of CISOs are concerned about their organisation's ability to handle a cyber crisis because of a lack of realistic, stress-tested crisis simulations.

53% of employees in legal services say they frequently use IT policy workarounds to “get the job done” and save time or effort.

In 2024, advanced email attack volumes increased by 16% between Q1 and Q2, and by 20% between Q2 and Q3.

79% of organizations report that, while they have implemented significant automation, they lack a way to control, manage, and sustain it effectively.

Phishing attacks across the APAC region saw a year-on-year increase of 30.5%.

Cyber risks have increased due to ongoing geopolitical conflicts and the rise of AI-powered malware, making it easier for attackers to access and deploy cyber threats.

Australia and New Zealand experienced a 30% rise in phishing attacks.

26.1% of CISOs cited the rate of regulatory change as a challenge in implementing new or updated compliance frameworks.

49% of public-sector organisations indicate they lack the necessary talent to meet their cybersecurity goals, which is a 33% increase from 2024.

Other types of data involved in policy violations include: intellectual property (16%), source code (13%), passwords and keys (11%), and encrypted data (1%).

There was a 300% year-over-year increase in SaaS breaches between September 2023 and 2024.

16% of 2025 security budgets are being reallocated to simulation exercises.

In 2024, downloads of malicious content from popular cloud apps occurred in 88% of organisations at least once per month.

73% of organisations block at least one GenAI app, with a steady rate of 2.4 GenAI apps blocked on average year over year.

Application security was the most significant vulnerability for 41% of federal contractors, with nearly half (46%) of the most impactful security issues originating from this area.