22% of consumers had never even heard of deepfakes before the study.

Almost all respondents (98%) face challenges when it comes to scaling GenAI workloads from development to production.

52% of respondents say their organisation needs to invest in IT training to support GenAI.

More than half of global businesses do not have an AI Governance, Risk and Compliance (GRC) policy in place.

The average loss per victim of fraud calls in the U.S. is $539.

The majority of fines by the Information Commissioner’s Office (ICO) in 2024 were for breaches of the Privacy and Electronic Communications Regulations (PECR), but the proportion of fines for UK GDPR breaches rose to one sixth of the total in 2024, compared to one seventeenth in 2023.

The average fine by the Information Commissioner’s Office (ICO) in the UK in 2024 was £153,722, which is less than a fifth of the 2023 average of £816,471 (skewed by a large fine to TikTok).

60% of detection engineers work on a dedicated team. This is more pronounced in enterprises with over 5,000 employees, where 70% have dedicated detection engineering teams, compared to 49% in small and medium-sized organisations.

54% of organisations position their detection engineering function as a dedicated team within security operations.

58% of detection engineers report full integration and collaboration with incident response teams.

67% said Processing/querying languages is the most valuable skill for their detection engineering workforce.

53% said Threat modelling is a skill that needs development for their detection engineering workforce.

47% said Reporting/visualisation is a skill that needs development for their detection engineering workforce.

47% said Software engineering is a skill that needs development for their detection engineering workforce.

45% said Log pipeline monitoring and health is a skill that needs development for their detection engineering workforce.

93% of detection engineers are using or planning to use automation in their detection engineering workflow. 63% have automation already in place.

64% said High false positive rate is a challenge of vendor-provided detections.

61% said Issues with accuracy in the environment is a challenge of vendor-provided detections.

53% said Complexity of threat landscape is a challenge of building/maintaining custom detections.

49% said Difficulty in validating effectiveness is a challenge of building/maintaining custom detections.