Successful reported cyberattacks on UK utility companies surged by 586% from 2022 to 2023.

Of organizations that paid a ransom, 60% paid less than half of the initial ransom.

The FBI received 21,403 complaints about identity theft in 2024 (versus 19,778 in 2023 and 27,922 in 2022).

87% say their organization experienced at least two successful identity-centric breaches in the past 12 months.

34.4% of AI tools have user data accessible to third parties without adequate controls.

Security awareness training has significantly reduced phishing susceptibility in large energy organisations, dropping from 47.8% to 4% in one year.

Only 13% of Gen Z report using a password manager to securely share sensitive login information.

AI usage at work has grown an astounding 61x over the past 24 months.

AI usage at work has increased 4.6x in the past 12 months.

81% of security leaders state that AI-driven automation is a top priority for their strategy over the next 3 to 5 years.

35.9% of AI-generated content flows into email and messaging platforms.

35% of Gen Z respondents revealed they never or rarely update passwords after a data breach at a company with which they have an account. Only 10% of Gen Z reported that they always update compromised passwords.

The FBI received 3,204 complaints about data breaches in 2024 (versus 3,727 in 2023 and 2,795 in 2022).

98% of organizations plan to invest in exposure management in the future.

The SOC is restructuring around automation, with 45% of organizations creating centralized automation teams.

There was a noticeable decrease in the median ransom amount paid.

89% of security teams have already begun to implement AI into their exposure validation processes.

Over 80% of Gen Z and Millennials report that they are at least somewhat likely to enable multi-factor authentication (MFA) when it isn’t required. This compares to just 51% of Boomers.

A pre-defined “chain of command” was included in the ransomware playbook for 30% of organizations.

67% say infrequent pen testing has left concerning gaps in security assessments.