For platformised organisations, mean time to contain (MTTC) security incidents are shorter by an average of 84 days.

54% of privacy professionals interact with internal audit.

One in three CEOs cite cyber espionage and loss of sensitive information/intellectual property (IP) theft as their top concern.

Only a small fraction (0.02%) of alerts led to lateral movement, meaning attacks are getting faster.

42% of IT leaders prioritize email encryption for email security investment.

35% of organisations experienced brand damage as a consequence of a ransomware attack in 2024, up from 21% in 2021.

Of the 49% of ransomware victims that did not pay a ransom, the main reasons were: compromised data wasn't critical (49%), having an effective backup strategy (48%), company policy (47%), lack of trust in the provision of a decryption key (46%), and law enforcement advice (40%).

The primary reasons for not reporting these incidents were unwanted publicity (39%), being up against a payment deadline (38%), fear of retaliation (38%), and not believing the extortion demand was exorbitant (24%).

Approximately 70% of cyberattack-related breach notices did not include attack information in 2024, compared to 58% in 20232. In 2019 and prior years, nearly 100% of breach notices included attack vector information.

Organisations are juggling an average of 83 different security solutions from 29 vendors.

The median monthly rate of advanced email attacks in the APAC region surged by 26.9%, climbing from 472 attacks per 1,000 mailboxes to 600 between 2023 and 2024.

7 out of 10 surveyed companies with a high degree of security platformisation report their cybersecurity investments have helped business outcomes.

18% of UK organisations believe their cybersecurity budgets are nearly sufficient.

41% of employees in France say they frequently use IT policy workarounds to “get the job done” and save time or effort.

54% of large organisations identified supply chain challenges as the biggest barrier to achieving cyber resilience.

31% of businesses listed business interruption as a major concern, which often results from cyber incidents.

Nearly three-quarters (72%) of UK bosses admit they are more comfortable with in-person work because it requires less surveillance and monitoring.

25% of businesses cited changes in legislation and regulation as a key business risk.

55% of employees in government say they frequently use IT policy workarounds to “get the job done” and save time or effort.

63.8% of ChatGPT users used the free tier, with 53.5% of sensitive prompts entered into it.