Financial service organizations outside of banking require 24 days to remediate exposures.

Automotive and pharmaceutical sectors average 43 days to remediate exposures.

Organizations reported an average of three separate identity-related incidents.

5% of organizations reported six or more identity-related breaches.

10% of organizations reported an identity breach that impacted their business in the last year.

When identity breaches impact business, the primary consequences are data theft (49%), ransomware (48%), and financial theft (47%).

Only 24% of organizations continually monitor for unusual login attempts.

14% of breached organizations cannot detect and stop their most significant identity attack before damage is done.

Energy, oil/gas, and utilities reported an 80% breach rate and federal/central government report a 78% breach rate, the highest across industries surveyed.

Organizations that find compliance requirements very challenging have a breach rate of 82.4%, which is 14 percentage points higher than organizations with lower compliance difficulty (68.3%).

Human error (employees tricked into providing credentials) was cited in nearly 43% of identity incidents.

Weak non-human identity (NHI) management was cited in 41% of identity incidents.

One-third of organizations regularly rotate or audit service accounts and non-human identities, while just 11% do so continuously.

More than 50% of organizations check for unusual login attempts every three months or less.

In the 12 months from March 2025, industrial organisations accounted for 29.6% of all ransomware activity on average.

Within capital goods, machinery experienced 442 ransomware attacks and construction and engineering experienced 394 ransomware attacks in the 12 months from March 2025.

Industrial organisations experienced 2,073 ransomware attacks in the 12 months from March 2025.

Total annual revenue in the UK cyber security sector reaches £14.7 billion, a nominal increase of about 11% since the previous year.

Total gross value added (GVA) for the UK cyber security sector reaches approximately £9.1 billion, an increase of 17% since the previous year.

99% of respondents say their organization already uses AI agents.