The most common base terms used in breached passwords were “password”, “admin”, and “welcome”.

53% of people admit to using the same password across multiple accounts.

The number of endpoints businesses rely on to execute tasks has risen to 50, a 19% increase in five years.

During 2023, 50 percent of global R&DE incidents were attributed to just five collectives, and 75 percent of incidents could be attributed to 14 collectives. However, during 2024, 50 percent of global R&DE incidents were attributed to eight collectives, with 20 collectives responsible for 75 percent of global incidents.

When asked if they agree with the statement "We aren't sure if any employees are currently accessing GenAI sites today or what they are doing on these sites," 42% of organizations surveyed said they strongly agree, 40% said they agree, 7% said they neither agree nor disagree, 5% said they disagree, 5% said they strongly disagree.

The majority of UK organisations, three-quarters, anticipate their cybersecurity budgets will grow.

International entities experienced a 65% decrease in exploitable service instances.

The most common length for compromised passwords was 8 characters (212.5 million total).

AI vulnerabilities increased by 1,025% from 2023 to 2024.

Only 77% of IT leaders were aware of whether their emails were encrypted.

Ransomware attacks reached an all-time high in December 2024.

Over 50% of exploits in CISA’s Known Exploited Vulnerabilities (KEV) report were API-related in 2024, up from 20% in 2023.

52% of employees say they are clear on their company's policy around email security, 45% say they are not clear, and 3% say they don't know

35% of enterprises are just beginning their AI journey.

More board members than CISOs want CISOs to develop certain skills: Business acumen: 55% of board members vs 40% of CISOs, emotional intelligence: 45% of board members vs 35% of CISOs, Communication: 52% of board members vs 47% of CISOs.

63% of enterprise leaders believe AI increases API security risk.

The number of apps blocked by the top 25% of all organizations blocking genAI apps has more than doubled from 6.3 apps to 14.6 over the past year.

77.4% of API-related vulnerabilities in AI products are directly API-related, such as weak API authentication, inadequate rate limiting, and broken access controls.

Attackers can exfiltrate sensitive data in as little as 6 seconds in API attacks.

Only 1.1% of the vulnerabilities in AI products were entirely unrelated to APIs.