Among IT security professionals who expect AI to reduce required headcount, 46% expect this shift to occur within the next two years.

74% of healthcare organizations identify visiting clinicians as requiring the most granular policy attention.

Only 9% of healthcare and manufacturing organizations have protected more than 80% of their critical systems.

97% of IT security hiring managers are actively seeking candidates with at least one AI-related skill.

73.9% of consumers expect strong safeguards such as biometric or one-time password authentication for every transaction

94% of IT decision-makers are confident their current disaster recovery plan covers scenarios involving agentic AI systems.

56% of IT decision-makers place a high priority on protecting SaaS data and disaster recovery when implementing AI solutions.

53.9% of consumers believe AI could increase the risk of online fraud

Brute force attempts decreased 22% year-over-year.

Within dark web "database" activity, stealer logs comprised 67.12% of advertised/shared datasets, combolists 16.47%, and leaked credentials 5.96%.

Credential-stealer infections were dominated by RedLine with 911,968 infections (50.80%), Lumma with 499,784 infections (27.84%), and Vidar with 236,778 infections (13.19%).

In 2025, nearly 30% of people who reported losing money to a scam said it started on social media

Reported losses for social media scams reached $2.1 billion in 2025. This is about eight times the 2020 figure.

Social media was the most costly fraud contact method last year in terms of aggregate reported losses for every age group under 80, and ranked second after phone calls for those 80 and over.

In 2025, people reported more money lost to scams that started on Facebook than on any other social media platform. WhatsApp and Instagram were a distant second and third.

In 2025 people reported far more money lost to scams on Facebook alone than they reported losing to text or email scams.

Ransomware attacks among businesses have declined compared with the previous two years (1% this year down from 3% in both 2024/2025 and 2023/2024)

There has been an increase in businesses reporting that the breach or attack led to loss of revenue or share value (2% in 2024/2025 to 5% in 2025/2026) and an increase in those reporting it resulted in reputational damage (1% in 2024/2025 to 3% in 2025/2026).

Adoption of more advanced controls like two-factor authentication (47% businesses and 38% charities), a virtual private network for staff connecting remotely (36% businesses and 17% charities) and user monitoring (30% businesses and 31% charities) remain lower than other measures.

A formal cyber security strategy was in place for almost six in ten medium businesses (57%), rising to seven in ten large businesses.