Among identity crime victims who receive support from the ITRC, 14% have seriously considered self-harm.

6% of campus IT teams describe themselves as adequately staffed to work proactively.

11% of higher education institutions that experience disruptions report outages occurring weekly or daily.

79% of General Counsels lack confidence that current board reporting strikes the right balance between clarity and overload.

Only 19% say their organization’s GRC systems are fully integrated, 65% say they are somewhat integrated, and 16% report no integration at all.

39% of enterprises identify over-trust in AI-generated outputs as a leading anticipated risk.

86% of enterprises are using AI-generated code in production.

89% of enterprises are confident in their ability to secure AI-generated code.

Security teams' confidence in their ability to keep up with the security implications of AI adoption declined from 64% to 51%.

In 2025, the Lumma infostealer was responsible for 2.2 million dark web listings, roughly 42% of the total.

In 2025, the Qilin group was responsible for 12.8% of ransomware attacks.

In 2025, nation-state activity accounted for 56.6% of threat activity in the Middle East.

In 2025, nation-state activity accounted for 67% of threat activity in APAC.

Shadow AI accounted for 20% of AI-related breaches affecting financial institutions.

17% of UK IT decision makers say governance for agentic AI is basic or minimal.

Across the surveyed countries, 64% of organisations report having some or strong governance in place for agentic AI.

Overall visibility over where data is stored, processed and potentially accessible is 97% in Germany and 90% in both the Netherlands and Italy.

39% of organizations say their unstructured data is somewhat or fully prepared for AI use.

48% of organizations cite data security and privacy issues as a top data challenge.

57% of healthcare and manufacturing security leaders rank microsegmentation as their top initiative to stop lateral movement.