66% of IT leaders agree outbound email security doesn’t get as much attention beyond compliance, but it is the silent security killer

Top publicly exposed OT/ICS protocols observed in 2024 included Open Platform Communications Unified Architecture (OPC UA) – 43%, Distributed Network Protocol (DNP) – 22%, Niagara-Fox – 21%, Ethernet/IP – 10%, Modbus – 4%.

When asked if they agree with the statement "We aren't sure if any employees are currently accessing GenAI sites today or what they are doing on these sites," 42% of organizations surveyed said they strongly agree, 40% said they agree, 7% said they neither agree nor disagree, 5% said they disagree, 5% said they strongly disagree.

Five sectors with the highest occurrences of exposed OT protocols were: Government Facilities – 63%, Information Technology – 10%, Energy – 10%, Healthcare and Public Health – 5%, Financial Services – 4%.

28% of federal contractors had at least one observable malware infection or compromised device on their networks in the past year.

Of detected email threats, 11% were able to bypass email gateway scanners in Q3 2024, a 1% decrease compared to Q2 2024.

13.7% of CISOs said their compliance program is a 1 (“Initial: ad-hoc”), and 23% said their program is a 2 (“Established: documented and repeatable”).

Third-party software & IT caused 50% of breaches at insurance companies.

More than a third (37.8% of CISOs) said their relationship between compliance and security is in a phase of simple negotiations.

Employees frequently send the wrong attachment (33%), misaddress emails to unintended recipients (32%), or misuse CC and BCC fields (20%). These mistakes are more likely to happen when employees are tight on time (54%), when they are stressed (40%), or when they feel overwhelmed by too many messages (40%).

Malicious spreadsheets (e.g. XLS, XLSX) totaled 7% of threats detected in Q3 2024.

The top 25% of organizations had at least 21% of their people using genAI apps, while the bottom 1% had just 1.7%.

LockBit's victim count decreased from 176 in May 2024 to only five in December.

25.5% of CISOs assume current GRC processes are not broken.

Phishing attacks in Japan and Singapore rose by 37%.

66.7% of education businesses are challenged by audit readiness and their maturing compliance program.

230 million of the breached passwords met standard complexity requirements, including length, capitalisation, numbers and special characters.

Only 12% of organisations have moved away from using passwords as their primary method of authentication.

More than a third of UK bosses have considered moving to full-time in-office work as a result of surveillance concerns.

30% of CISOs spend less than $100,000 annually on compliance.