90% of enterprises are working to standardize AI tool security.

Over 80% of security teams at enterprises lack full visibility into the applications and AI agents created by business users.

Enterprises can track only 44% of the AI tools handling sensitive company and user data.

More than 50% of CISOs at enterprises agree that business users are building applications that support business-critical processes.

90% of security leaders at enterprises expect to implement governance policies for citizen development by the end of 2026.

35% of organizations have fully implemented an identity-based Attack Path Management (APM) solution, up from 21% in 2025.

49% of state CISOs name implementing effectiveness metrics as a top cybersecurity initiative, up from 25% in 2024 and 15% in 2022.

75% of organizations report increased identity security spending.

Roughly one-fifth of CISOs indicate their states are moving toward a "whole-of-state" approach to cybersecurity.

In the last six months, calendar invite phishing increased by 49%.

In the last six months, use of reverse proxies to steal Microsoft 365 credentials surged by 139%.

In the last six months, Microsoft Teams attacks escalated by 41%.

71% of small business owners expect AI to make fraud more prevalent.

Internal team impersonation was present in 30% of phishing attacks by threat actors in Q1 2026.

In the last six months, 86% of phishing attacks were AI-driven.

87% of enterprises have deployed AI and automation in security operations simultaneously.

92% of IT and cybersecurity decision-makers at enterprises say automation has met or exceeded operational expectations in security operations.

91% of enterprises experience workflow bottlenecks despite deploying AI and automation.

52% of C-suite leaders at enterprises report that AI exceeded expectations.

17% of managers at enterrpises report that AI exceeded expectations.