"BlackLock" activity rose 1,425% from Q3 to Q4 2024.

Malicious content downloads from popular cloud apps occur in 88% of organizations every month

Average losses from BEC attacks exceed $137,000 per successful attack, and global losses totalled $2.9 billion in 2023.

The mean time to contain (MTTC) attacks using manual incident containment strategies is 8 hours and 12 minutes.

State-sponsored groups accounted for 35% of attributable breaches, but their role in third-party breaches rose to 39.5%.

In the breakout phase of attacks using an "assembly line" strategy, threat actors move from one technique to the next in an average of just 7 minutes.

DLP as a strategy for mitigating the genAI risk is growing in popularity globally at modest rates, from 42% in the summer of 2024 to 45% at the end of the year.

33.5% of CISOs are challenged by audit readiness in satisfying regulatory requirements.

23% of IT leaders have email security training on inbound threats only

58% of organisations hit by ransomware in 2024 were forced to shut down operations to recover. This is an increase from 45% in 2021.

Containment and remediation of a ransomware attack in 2024 took an average of 132 hours and involved an average of 17.5 staff and third parties, resulting in an average cost of $146,685.

40% said that the data was still leaked following payment.

52% of respondents said systems with unpatched vulnerabilities are targeted for lateral movement and privilege escalation, a significant rise from 33% in 2021.

Excluding the six mega-breaches, the number of victim notices in 2024 decreased by 36% compared to 2023.

The Financial Services industry was the most breached in 2024, followed by Healthcare, Professional Services, Manufacturing and Technology.

MFA failed to prevent attacks in 84% of incident responses.

Organizations typically deploy around 100 AI applications, with 60% lacking proper security controls or federation behind the IdP.

The average cost of a SaaS breach has risen to $4.88 million.

Organisations can achieve an 85% reduction in their SaaS attack surface with better security measures.

The healthcare sector experienced the highest number of SaaS breaches from September 2023-2024, accounting for 14% of the total. This was followed by state and local government at 13% and financial services at 11%.