47% of business leaders are optimistic their companies will thrive in 2025.

45% of those who experienced a DDoS attack noted it was a diversion in a broader attack.

93% of all malicious actions observed could be mapped to just 10 MITRE ATT&CK techniques.

25% of the malware examined showed behaviours related to T1555 (Credentials from Password Stores).

70% of respondents are using fewer than ten security vendors.

57% of U.K. software buyers have regretted one or more technology purchases over the 18 months prior. This is roughly in line with the global average of 59%.

35% of IT software buyers express dissatisfaction, which is the highest among software buyers, followed by marketing and communication, and finance and accounting software buyers.

47% of successful software buyers use product review and comparison websites.

AI spending is expected to nearly triple in 2025 compared with last year.

Investment in Detection Engineering: 80% of surveyed detection engineers stated their organisations are putting real money behind detection engineering. Among large enterprises (5,000+ employees), this investment rises to 85%.

45% report having adequate access to all the data feeds/logging required to meet their threat detection objectives. For enterprise organisations, 58% lack access or aren’t sure if they have the right logging.

55% of phishing emails detected by Darktrace passed through all other existing layers of customer email security.

73% expect risks of fraud to grow in 2025.

The online crime-as-a-service ecosystem grew to nearly 24,000 users selling attack technologies.

Just 0.1% of participants in a recent iProov study could reliably distinguish real from fake content.

According to the Federal Trade Commission’s Consumer Sentinel Network, over $10 billion was lost to identity theft in 2023, with notable settlement costs for organisations exceeding $350 million per breach.

41% of businesses in the UK cited cybersecurity as their biggest business risk, making it a larger concern than the global average.

Most security.txt files were hosted on port 443 (46%), while 18% were on unsecured ports like 80 and another 18% were on pots like 8080 that are not as safe but can be configured manually to support the necessary encryption.

96% of UK senior security professionals say DORA will significantly enhance overall resilience across the EU and the EU business ecosystem.

Over 7,400 Common Vulnerabilities and Exposures (CVEs) were detected on cloud systems hosting security.txt files from insecure versions exposed to the internet as of September 2024.