One in four users (25%) rely on broad, difficult-to-audit static profile bundles for SaaS access.

Human workers never interact with 91% of the sensitive data available to them.

52% of U.S.-based cybersecurity leaders say training for human-AI collaboration is limited or insufficient.

The average disclosure window worsened from 76 days in 2024 to 117 days in 2025.

A bot attack flooded one auto-lending partner with more than 10,000 fraudulent applications per day.

Nearly 87% of financial institutions use TPRM software.

The median security team spends 20 minutes dismissing a single junk alert.

75% of organizations with multiple AI use cases report a net positive workforce impact, compared to 56% of those still in the early stages of adoption.

Around 70% of midmarket security leaders say headcount has kept pace with their digital estate.

ChatGPT-User was the second most impersonated agent in early 2026.

The average number of weekly cyber attacks per organization reached 2,086, representing a 9.6% increase year over year.

Clop accounted for 13% of published attacks in February.

48% of businesses say the CEO now makes the final decision on cyber budgets.

Organizations face an average annual recovery cost and downtime of $2.2 million from cyber incidents.

39% of organizations experience phishing attacks.

99% of organizations have an incident response plan.

31% of users have the power to modify or delete sensitive data.

91% of people support national laws regulating personal data use.

73% of organizations report internal conflict over ownership of AI security controls.

81% of incidents carried out by Iran-affiliated groups target organizations in the U.S. and Israel.