23% of UK security professionals cite a lack of visibility over supply chain/third-party partners as a barrier to DORA compliance.

15% said a material privacy breach in the next 12 months was likely.

More than one-third of organisations (34.2%) hope to achieve their KPIs for compliance benchmarks by incentivizing success or by penalizing failure, or by implementing both incentives and penalties.

69.7% of CISOs said cost is most important when selecting tools/vendors to provide governance and continuous controls monitoring.

The top 25% of retail organizations had at least 34% of people using genAI apps, while the top 25% in technology led all other industries with at least 41% of people using genAI apps. At the other end of the spectrum, banking trailed with only 3% of users in the average organization using genAI.

Over a billion credentials were stolen in malware attacks within a 12-month period.

Stolen credentials are involved in nearly half (44%) of all data breaches.

88% of organisations still use passwords as their primary method of authentication.

Of the 1.8 million breached administrator credentials, 40,000 admin portal accounts had the password ‘admin’.

API-related data breaches tripled in 2024.

There was an average of three API-related breaches per month in 2024, with some months seeing as many as five to seven.

74% of the time, CEOs and executives were the roles that were compromised.

Only 47% of CISOs engage with their boards on a monthly or quarterly basis, and 42% meet with their boards on an ad hoc basis, if at all.

30% of respondents in North America said they experienced difficulties in retaining privacy professionals, compared to 60% of respondents in Latin America.

21% said the chief privacy officer was primarily accountable for privacy.

81% of employees say security practices and technologies that are more user-friendly will result in better security outcomes

31% plan to use AI for privacy in the next 12 months.

66% of organisations provide privacy training annually.

54% track the number of privacy incidents to evaluate privacy training effectiveness.

26% of IT leaders say keeping up with data security threats is among the biggest security vulnerabilities in organizations