62% of UK bosses have or have been tempted to check their employees’ browsing history.

53.7% of CISOs pointed to skilled staff as a major challenge in implementing new or updated compliance frameworks.

Legacy APIs in web applications represent over 18% of exploited vulnerabilities.

High-volume groups INC Ransom (21.7%) and BianLian (15%)show a strong healthcare focus.

38.3% of CISOs cited cost as a challenge in implementing new or updated compliance frameworks.

Newcomers in Q4 like “SafePay” and “FunkSec” quickly ramped up their activity, claiming 45 and 82 victims, respectively.

When asked if they agree with the statement "We are concerned about data leakage as employees increasingly use GenAI tools," 43% of organizations surveyed they strongly agree, 39% said they agree, 10% said they neither agree nor disagree, 5% said they disagree, and 3% said they strongly disagree.

33.5% of CISOs cited audit management as a challenge in implementing new or updated compliance frameworks.

58% of IT leaders in Germany agree that outbound email security doesn’t get as much attention beyond compliance, but it is the silent security killer

Many CISOs (51.6%) were impacted by their maturing compliance program as a challenge in satisfying regulatory requirements.

Organizations with the highest average user counts include the retail and technology sectors, averaging more than 13% of their people using genAI apps

Nearly as many (46.3% of CISOs) think the technology will allow them to more rapidly apply governance.

Only 50% of organisations scan for compromised passwords more than once a month.

Just over a quarter (27.7% of CISOs) think that automation will improve the ROI on existing tools.

Almost two thirds of organisations (63.7%) do not feel that meeting new regulatory requirements slow their organisational growth.

SSL remediation time decreased from 197 days in August 2022 to just 12 days in August 2024.

Cloud service providers began offering automated security.txt file generation to improve adoption.

The number of exploitable services per organization decreased from 12 in August 2022 to 8 in August 2024.

More than one out of every four users (26%) uploaded, posted, or otherwise sending data to personal apps.

SMB vulnerabilities declined by 72%, while RPC accounted for 92% of all exploitable service tickets.