The top 25% of organizations now use at least 24 apps, while the bottom 25% use at most four apps. At the current trajectory, the average will increase modestly by another two apps in 2025

Most popular genAI apps based on the percentage of organizations using them are: ChatGPT (84%), Grammarly (57%), Google Gemini (53%), Microsoft Copilot (50%), Perplexity AI (47%), GitHub Copilot (35%), VEED (35%), Gamma (35%), Otter.ai (29%), and Writesonic (28%)

Blocking is common, with 73% of organizations blocking at least one app and the breadth of the blocks rising in the most aggressive organizations.

75% of retail and consumer goods and 62.5% of entertainment and media corporations are coping with the lack of a centralized system, but retailers are also challenged by silos within their data (75%).

Only 29% of CISOs say their board includes at least one member with cybersecurity expertise.

Archive files were the second most popular file type for malware delivery in Q3 2024, accounting for 34% of threats. The top five archive file formats used were ZIP, RAR, LZH, 7Z, and GZ3.

When there is a CISO on the board, 80% of boards report excellent or very good working relationships with CISOs in setting and aligning on strategic cybersecurity goals, versus 27% when there isn't a CISO on the board.

For boards with a CISO member, 60% report excellent or very good working relationships when communicating progress against milestones, security goal achievement and plan of record, compared to 16% for boards without a CISO member.

Nearly three-quarters (73%) of UK CISOs feel that their client, customer, partner and employee PII is secure in cloud environments.

88% of UK senior security professionals believe that DORA will be beneficial.

3% of CISOs attribute their raise to taking on larger scope, while others see it reflected in merit increases.

96% of attackers targeting energy and utilities sector relied on remote services to move laterally.

On average, an organization will experience 212 outbound email security incidents per month, yet only half (52%) of employees follow outbound email security policies to ensure compliance.

82% of businesses report increased compliance risks due to a lack of control caused by a more complex landscape.

85% of businesses face challenges in scaling and operationalising AI across their businesses.

Only 37.4% of healthcare ransomware victims reported attacks to the HHS in 2023.

The majority of respondents expect technology budgets to grow in the next 12 months.

Nearly 2 in 5 organisations are counting on cost savings from AI-driven efficiencies to pay for the technology.

Almost all (94.2% of CISOs) believe that continuous controls monitoring will improve both compliance and security.

65% of IT leaders in the US admit that employee mistakes in outbound emails result in more significant data loss than malicious inbound attacks.