68 of 104 detected surge events preceded a vendor-matched CVE, spanning 33 vulnerabilities across 16 vendor families.

The median lead time of vendor-targeted surges before a matched vulnerability disclosure is 11 days.

49% of vendor-targeted surges begin within 10 days before the associated vulnerability disclosure.

78% of vendor-targeted surges begin within 21 days before the associated vulnerability disclosure.

54% of organizations cite data silos as a top data challenge limiting AI adoption.

Ransomware represented only 12% of claim volume among manufacturers despite accounting for the majority of incurred losses.

Having no MFA at all accounted for approximately 8% of incurred losses in Resilience's manufacturing portfolio.

89% of monitored SMBs have at least one user with confirmed credential compromise at any given time.

32% of healthcare and manufacturing organizations cite cyber insurance requirements as a direct business driver for pursuing microsegmentation.

57% of healthcare and manufacturing security leaders rank microsegmentation as their top initiative to stop lateral movement.

67% of enterprises allocate a budget for securing business-built applications and AI agents, and they expect that budget to grow by 15% in the coming year.

In some organizations, business users outnumber professional developers by as much as 10 to 1.

63% of CISOs describe themselves as not very confident in the ability of local government and public higher education to secure public data, up from 35% in 2022.

24% of healthcare organizations report cyberattacks or exploited vulnerabilities involving medical devices.

80% of cyber incidents involving medical devices cause moderate or significant disruption to patient care.

56% of healthcare organizations reject devices due to cybersecurity concerns, up from 46% in 2025.

In 2025, AI-driven bot attacks surged 12.5x compared to the previous year.

27% of bot attacks targeted APIs, allowing bots to bypass user interfaces and interact directly with backend systems at machine speed.

Financial services accounted for 24% of all bot attacks and 46% of account takeover incidents.

Bots now account for over half of all internet traffic.