More than 50% of organizations check for unusual login attempts every three months or less.

In the 12 months from March 2025, industrial organisations accounted for 29.6% of all ransomware activity on average.

Within capital goods, machinery experienced 442 ransomware attacks and construction and engineering experienced 394 ransomware attacks in the 12 months from March 2025.

Industrial organisations experienced 2,073 ransomware attacks in the 12 months from March 2025.

Total annual revenue in the UK cyber security sector reaches £14.7 billion, a nominal increase of about 11% since the previous year.

Total gross value added (GVA) for the UK cyber security sector reaches approximately £9.1 billion, an increase of 17% since the previous year.

99% of respondents say their organization already uses AI agents.

On average, 40% of AI agents and 40% of machine identities already have access to organizational data.

90% of respondents agree that AI agents should operate under least privilege principles, with bounded access and tighter controls.

91% believe they can rapidly contain compromised AI agents.

On average, only 39% of privileged access is managed through a just-in-time (JIT) or zero standing privilege (ZSP) model.

Among C-suite respondents, 54% believe their organization is completely effective at continuously enforcing least privilege, while 61% of the practitioners doing the work disagree.

96% of respondents report that human identities operate with access far beyond what is required for their roles.

42% of the human workforce has direct access to organizational data.

84% of respondents believe their organization could at least moderately improve awareness of the permissions and access granted to connectors and service accounts.

56% of organizations report that they can’t effectively enforce continuous least privilege for service accounts across cloud, SaaS, and on-premises environments.

64% of organizations still report they are not yet prepared to defend against quantum-enabled threats.

86% agree that they will need external help to become quantum ready.

71% of organizations don’t fully automate certificate renewal and monitoring across all environments.

98% report challenges securing PKI.