Initial access listings on cybercriminal platforms surged by 142% in the same period.

The top three GDPR fines in 2024 include €310m ($326m) against LinkedIn by the Irish DPC for its processing of personal data in advertising practices, €290m ($324m) against Uber by the Dutch Data Protection Authority (AP) for storing driver data in the US without adequate safeguards, and €251m ($263m) against Meta by the Irish DPC for a 2018 data breach4.

The Dutch Data Protection Commission issued a €30.5m ($32.03m) fine against Clearview AI.

8.5% GenAI prompts contain sensitive information.

Almost half of the CISOs who rated their compliance programs a 1 or 2 attributed their difficulties to a lack of personnel or resources.

Only 34% of email incidents are formally reported.

Keyboard walks such as ‘qwerty’ are weak passwords used by millions of end users.

Email was the primary method for delivering malware to endpoints, accounting for 52% of threats in Q3 2024. This represents a 9% decrease compared to Q2 2024.

70% of IT leaders in Netherlands agree that outbound email security doesn’t get as much attention beyond compliance, but it is the silent security killer

79% of CISOs say KPIs for their security teams have changed substantially over recent years.

Of the organisations that measure the operational cost of managing compliance, 10.1% track IT costs.

15% of IT leaders say lack of visibility or reporting of security incidents in your organization is among the biggest security vulnerabilities in organizations

Simple passwords like Pass@123 and P@ssw0rd, which meet basic Active Directory requirements, are frequently used, increasing the risk of password reuse.

The list of the top 10 most blocked AI apps are: QuillBot (33%), Beautiful.ai (31%), AiCHatting (30%), Pixlr (28%), Tactiq (27%), Writesonic (27%), DeepAI (24%), ElevenLabs (24%), Craiyon (24%), and Poe AI (23%)

Only 11% of AI-powered APIs implemented robust security measures, such as bearer tokens with expiration times.

Wallarm's researchers tracked 439 AI-related CVEs, a 1,025% increase from the prior year. Nearly all (99%) were directly tied to APIs.

61% track the number of employees who have completed privacy training.

78% of IT leaders in Germany admit that employee mistakes in outbound emails result in more significant data loss than malicious inbound attacks.

The ransomware-as-a-service actor FunkSec was the most active in December 2024, responsible for 103 attacks, which is about 18% of all recorded attacks for the month. Check Point reported that FunkSec claimed to have targeted 85 victims in December.

Cost-saving measures reported by CISOs include reduced security solutions and tools (50%), security hiring freezes (40%), and decreased or eliminated security training (36%).