Automotive applications faced a 91% attack rate in 2026.

89% of employees say they feel safe reporting mistakes in organizations that prioritize cybersecurity as a culture.

13% of employees say they’ve sold or know someone who has sold company login details – often under the belief it’s harmless

19% of cybersecurity leaders report their organizations have an integrated and culture-embedded approach in place to manage human-related cybersecurity risk.

35% of middle market organizations prioritize broader risk management functions in cybersecurity investment.

58% of cybersecurity leaders report that AI agents are already taking actions within organizational workflows.

52% of organizations report their use of AI is unapproved or ungoverned.

86% of employees say deepfake content is so realistic that it is harder to know what to trust.

64% of employees say it is possible that they could be tricked by AI-enabled attacks.

58% of cybersecurity leaders say mistakes during everyday work have had the greatest impact on their organization’s cybersecurity in the past 12 months.

23% of middle market organizations prioritize digital identity management.

42% of cybersecurity leaders identify AI-enabled attacks as a key driver of future human-related cybersecurity risks.

Over a third of employees commonly source their own agentic AI tools when options are unavailable or restrictive.

Fewer than half of organizations report full visibility into where AI agent credentials are stored.

Exploited vulnerabilities rose 43% in the first three months of 2026.

Operations runs just 18% of its AI activity on enterprise plans.

74.6% of all AI use at work has a clear business purpose.

Vulnerabilities added to CISA's Known Exploited Vulnerabilities catalog increased 43% in Q1 2026 compared with Q4 2025.

52% of scam victims lose money, more than twice the 2025 rate.

Fake invoice scams account for 20% of the scams causing the most damage.