77% of advanced email attacks failed SPF, DKIM, or DMARC authentication yet still reached inboxes.

65% of organizations in Latin America and the Caribbean reported insufficient cybersecurity skills to achieve their security objectives.

31% of global business leaders reported low confidence in their nations' ability to respond to critical infrastructure attacks.

72% of CISOs agreed that their role has evolved to include leading their organization’s ability to recover continuity following a cyberattack or security incident.

54% of U.S. organizations uncover unmanaged privileged accounts and secrets every week.

67% of CISOs stated they are the primary executive responsible for ensuring Cyber Resilience within their organization.

Approximately 45% of advanced email attacks showed indicators of AI assistance, projected to rise to 75–95% within the next 18 months

63% of organizations in sub-Saharan Africa reported insufficient cybersecurity skills to achieve their security objectives.

77% of advanced email attacks impersonated business-critical brands such as DocuSign, Microsoft, and Google.

In 2025, 83% of CISOs reported that Cyber Resilience was more critical for their organization than traditional cybersecurity measures, compared to 90% in the previous year.

88% of U.S. organizations manage two or more identity security tools, creating fragmentation that introduces blind spots.

In 2025, 68% of CISOs agreed that their organization currently has a Cyber Resilience strategy in place.

Clicks on phishing links decreased by 27%, from 119 per 10,000 users last year to 87 per 10,000 users this year.

Only 1% of U.S. organizations have fully implemented a modern Just-in-Time (JIT) privileged access model.

60% of insider threat incidents involved personal cloud application instances in 2025.

The average organization saw a twofold increase in data policy violations related to generative AI applications over the past year.

In 2025, attacks bypassing multifactor authentication (MFA) were reported in 48% of phishing attacks.

In 2025, malicious QR codes were observed in 19% of phishing attacks.

The average organization experienced 223 incidents of data policy violations related to generative AI applications each month from October 2024 to October 2025.

In 2025, obfuscations to hide URLs from detection were seen in 48% of phishing attacks.