65% of organizations report challenges with shadow AI.

Only 40% of organizations have a formal AI governance framework in place.

One in three large organizations lack a formal AI governance framework.

63% of law firm decision-makers report a significant email-based security breach in the past 12 months.

83% of law firm clients say a firm's technology sophistication affects their confidence.

57% of law firms reported a mobile-related breach.

72% of organizations do not detect credential misuse in real time, often taking hours or sometimes days or weeks to identify unauthorized privileged access.

51% of U.S. cybersecurity decision-makers identify AI-related Non-Human Identity management and security as a top identity governance gap.

43% of cybersecurity decision-makers globally identify AI-related Non-Human Identity management and security as a top identity governance gap.

67% of U.S. cybersecurity decision-makers are concerned about employees inadvertently exposing sensitive information to AI systems.

Only one in nine global ransomware attacks were publicly disclosed in Q1 2026.

There were 2,160 undisclosed ransomware attacks identified in Q1 2026.

Government entities experienced 32 publicly disclosed ransomware attacks (12%) and the technology sector experienced 28 attacks (11%) in Q1 2026.

The Gentlemen claimed 273 attacks since its emergence in 2025 through the end of Q1 2026.

Data exfiltration occured in 96% of ransomware attacks in Q1 2026.

The average volume of data stolen per undisclosed ransomware incident was 743 GB in Q1 2026.

Organizations across 39 countries were impacted by disclosed ransomware attacks in Q1 2026.

Organizations coordinate an average of seven AI models in production.

77% of organizations report that inference is their dominant AI activity.

Only 8% of organizations rely exclusively on public AI services.