Only 12% of organisations have moved away from using passwords as their primary method of authentication.

More than a third of UK bosses have considered moving to full-time in-office work as a result of surveillance concerns.

30% of CISOs spend less than $100,000 annually on compliance.

Machine learning-based discovery tools often identify 31% more API endpoints than those reported by enterprises.

18.9% of API-related exploits involved legacy APIs, including AJAX backends and URL parameter-based systems.

24% of respondents said they were increasingly relying on AI or automation to address privacy skill gaps, compared to 18% last year.

There was a total of 374 tracked healthcare ransomware attacks in 2024.

48% of enterprises are using training to allow nonprivacy staff who are interested to move into privacy roles.

59% said resource shortages made their privacy role more stressful.

39% said it was neither easy nor difficult to identify/understand privacy obligations.

78% of privacy professionals frequently interact with information security.

Over nine out of 10 emails were categorised as spam by VIPRE.

49% perform a privacy risk assessment to monitor their privacy programs.

87% of respondents said their organisation provided privacy awareness training for employees.

Only 2% of organizations implemented DMARC, SPF, and STARTTLS together for their email security.

58% of UK CISOs report that regulations put enhanced pressure on their wellness.

The use of QR codes for phishing peaked at 12% in Q4 of 2024.

Most organisations (57.9%) spend at least some of their budget on GRC tools to collect and maintain compliance evidence.

73% of respondents said expert-level privacy professionals were the most difficult to hire.

67% of respondents said their enterprise practiced privacy by design when building new applications and services.