59% of insurance companies' breaches involved third-party attack vectors, more than double the global cross-industry average of 29%.

DLP adoption continues to rise, with 45% of organizations using DLP to control data flow into genAI apps.

Insurance carriers represented 50% of the companies hit by third-party incidents, despite making up about 27% of the total sample.

Malware infections and device compromises affected 17% of insurance companies last year.

Physicians' offices comprise 25% of ransomware victims.

General medical and surgical hospitals are the second-most-targeted industry group by ransomware, making up 22% of healthcare victims, followed by other health professionals offices, such as dentists and outpatient centres.

Overall attacks on healthcare organisations surged by 32% year-over-year.

Organisational use of GenAI grew from 81% of companies using GenAI apps in 2023 to 94% in 2024.

Approximately 30% of domains registered by Scattered Spider imitated Single Sign-On (SSO) and Identity Providers.

Employee use rate of GenAI apps tripled from 2.6% of all people in organisations to 7.8%.

Organisations now use an average of 9.6 GenAI apps, up from 7.6 a year ago.

30% of the domains registered by Scattered Spider imitated hosts for common services such as Binance and Coinbase.

25–30% of Scattered Spider domains targeted manufacturing companies.

Adversary activity in 2024 mirrored the broader geopolitical landscape, with Russian groups TA577 and UAC-0050 and the Chinese group Salt Typhoon among the most active worldwide.

Government Services and Facilities had the highest exposure to publicly accessible OT (Operational Technology) protocols, with 63% exposure.

42% of users click on links targeting Microsoft credentials, followed by Adobe (18%), DocuSign (15%), Yahoo (10%), and AOL (5%).

58% of KEVs were linked to open-source software vulnerabilities, particularly PHP and Apache.

36% of respondents in Africa and 42% in Latin America lack confidence in their country's ability to respond to major cyber incidents targeting critical infrastructure.

GitHub is the top app for malicious downloads at 15%, followed by OneDrive (10%), Google Drive (6.7%), Amazon S3 (4.9%), and Box (1.5%)

34% of organisations use real-time interactive user coaching to empower individuals to make appropriate and informed decisions.