2% of UK organisations had not yet calculated their cybersecurity budget requirements.

53.7% of CISOs stated that compliance is not embedded into their CI/CD pipeline.

20% of CISOs spend between $100,000 and $200,000 annually on compliance.

Just over a quarter (26.4%) of CISOs said that compliance has been embedded into 26-50 percent of their pipeline, while 27.4% have embedded compliance in as much as 75 percent of their pipeline.

Less than one-sixth (14.2%) of CISOs have embedded compliance into the majority (76-100 percent) of their pipeline.

Approximately 15% of domains registered by Scattered Spider imitated VPN and Secure Access.

Less than half of the respondents (44.1% of CISOs) described the relationship between compliance and security as completely synchronized.

The average breakout time in 2024 was 48 minutes, which is 22% faster than in 2023.

One-third (33% of CISOs) see an opportunity to supercharge staff through automation.

The proportion of respondents reporting a significant revenue loss as a result of a ransomware attack nearly doubled from 22% in 2021 to 40% in 2024.

Almost one in ten (9.6% of CISOs) said their relationship between compliance and security is in a period of complex negotiations while 8.5% said their relationship is out of sync.

Motivations for paying a ransom included: Not wanting data leaked (47%), inability to afford downtime (47%), having cyber insurance (41%), and all of the above (40%).

Roughly one-sixth (15.8% of CISOs) endure quite a bit of duplication and 37.4% have some duplication in their compliance efforts.

Phishing was the most common way of delivering ransomware, accounting for 45% of incidents. This is a slight fall compared to 2021, when phishing was used in 48% of ransomware attacks. The next most common methods were remote desktop protocol (RDP) compromises (32%) and exploiting software vulnerabilities (19%).

1% of organizations had no email security controls.

Supply chain attacks directly impacted 134 organizations and indirectly impacted 657 entities, resulting in 203 million victim notices. At least 190 million notices were related to the Change Healthcare breach.

Only a fifth (20.5% of CISOs) said they have very little duplication in their compliance efforts.

Global losses resulting from BEC attacks in 2023 totalled $2.9 billion.

42% of Brits believe it is unethical for employers to monitor online communications such as emails, chats, and video calls.

Roughly half of CISOs (47.9%) cited evidence gathering as one of their greatest challenges in implementing new or updated compliance frameworks.