28% of UK security professionals cite a lack of prioritisation from the wider organisation as a barrier to DORA compliance.

24% of UK security professionals cite a lack of skills/knowledge as a barrier to DORA compliance.

The number of organisations conducting adversarial tests (abuse cases) has doubled year-on-year.

There was an 80% year-over-year increase in ransomware activity in energy and utilities sector.

78% of UK senior security decision makers say they currently employ external support.

19% of top web and cloud categories referring phishing pages are search engines, followed by shopping (10%), technology (8.8%), business (7.4%), and entertainment (5.7%).

92% of UK senior security decision makers say they were feeling either very positive or somewhat positive about their organisation’s preparedness ahead of the DORA deadline.

84% of attacks against energy and utilities sector originated from phishing.

20% of UK senior security decision makers expect to miss the DORA deadline by at least four months.

$500,000 is the average financial impact of a data breach within the utilities sector.

Just over 13% of CISOs are looking to technology to help solve their problems and have started to adopt or have plans to adopt Compliance as Code (OSCAL or OCSF).

84% of UK senior security decision makers felt that their organisation had made more than enough budget available to become compliant with DORA.

35% of CISOs said that, on a scale of 1 to 5, they would rate their compliance program a 3 (“Defined: early-enterprise, standardized and structured”).

Play Ransomware conducted an average of 30 attacks per month, peaking in October 2024 with at least 52 attacks10. Approximately 89.9 percent of Play Ransomware's victims were based in North America10. 24.7% of Play Ransomware's victims were in the manufacturing industry and 17.5% were in the construction industry.

There was 211 US healthcare ransomware victims in 2023 and 268 in 2024, a 27% increase.

77% of IT decision-makers say that data sovereignty is more important than it was three years ago.

36% of businesses said that data sovereignty involves data access, handling, and storage.

41% of surveyed IT decision-makers said data sovereignty is something they need to comply with.

61% said compliance challenges made their privacy role more stressful.

70% of privacy professionals interact with legal and compliance.