Only 1% of vulnerabilities are confirmed to be exploited in the wild in 2025

46% of SMBs saw AI-generated phishing in the past 12 months.

Nearly two-thirds of security teams experience moderate to significant burnout.

High storage costs are a barrier to cross-departmental data sharing (76%).

70% of phishing emails pass DMARC authentication.

75% of organizations are concerned about Distributed Denial-of-Service (DDoS) attacks targeting AI agents.

28% of SMB respondents say AI is creating hyper-personalized social engineering attacks.

Publicly disclosed victim counts increased by roughly 12%.

North America's share of total cases increased from 24% in 2024 to 29%.

Large-text, long-form phishing messages increased from 27% to 33% year-over-year.

24% of organizations perform comprehensive IP, license, security, and quality evaluations for AI-generated code.

Financial services (82.74%) was the top industry targeted by phishing attacks in Europe in 2025.

Financial services (94.24%) was the top industry targeted by phishing attacks in Central Asia in 2025.

IT (38.24%) was the top industry targeted by phishing attacks in North America in 2025, followed by Financial Services (29.66%) and Internet Services (22.5%).

Financial services (97.36%) was the top industry targeted by phishing attacks in LATAM in 2025.

Over 90% of security leaders say they feel prepared to defend themselves

Machine identities outnumber human users by ratios as high as 20:1

35% of SMB respondents say AI is creating adaptive and evasive malware.

63% of SMBs have antivirus or antimalware tools.

58% of SMBs have firewalls.