Around one in seven businesses (14%) and one in five charities (22%) said they held personal data that was not protected by techniques such as anonymisation or encryption, suggesting that the majority do protect personal data (77% of businesses and 69% of charities).

Around a third of businesses (30%) conducted a risk assessment covering cyber security, in line with last year (29%).

Cyber security was considered a high priority for senior management in around seven in ten businesses (72%) and six in ten charities (60%).

Seeking external information or guidance on cyber security was reported by 44% of businesses and 31% of charities.

The most commonly cited individual source of information remained external cyber security or IT consultants/providers (27% of businesses and 13% of charities).

Small businesses incured at least $131 billion in losses from fraud, scams, and ransomware last year.

Average losses for small businesses ranged from nearly $60,000 for payment fraud to more than $90,000 for email compromise.

47% of organisations concentrate responsibility for managing digital resilience within a single function rather than sharing it across the C-suite

25% of organisations across surveyed markets say their responses to digital disruption largely go to plan

15% of organizations have first-hand supplier visibility.

95% of enterprises provide cybersecurity hygiene training.

77% of organisations experienced a cybersecurity incident in the past year.

34% say AI has created new security blind spots.

37% of CIOs deploy AI bias processes.

44% of CIOs are turning to managed services to fill critical security gaps.

Over a quarter of CIOs report AI as a significant source of risk, placing it on par with malware, ransomware and phishing.

33% of CIOs identify malware and ransomware as dominant threats.

VPN and remote access systems account for roughly one-third of initial access vectors in healthcare cyberattacks.

Activity from the Qilin ransomware group declined by 25% and activity from the Akira ransomware group declined by 22%.

90% of organizations say they can recover from a cyber incident within their recovery time objectives (RTOs).