In 2025, 61% of CISOs indicated that their organization’s board and C-suite expect the cybersecurity group to guarantee zero breaches and ransomware incidents.

Just 16% of MSSP-supported financial services firms require two to four weeks to contain a breach.

25% of internal shared-resource financial services firms require two to four weeks to contain a breach.

The C-Suite ranks cyber attack or breach as the #1 current risk for global organizations.

Risk management ranks cyber attack or breach as the #1 current risk for global organizations.

Finance ranks cyber attack or breach as the #2 current risk (after economic slowdown or slow recovery) for global organizations.

HR ranks cyber attack or breach as the #3 current risk (after increasing competition and economic slowdown or slow recovery) for global organizations.

How cyber attack or breach ranked as current risk over the recent years: 2025 - #1, 2023 - #1, 2021 - #1, 2019 - #6, 2017 - #5, 2015 - #9.

Cyber attack or breach remains the top concern globally across current and future risks (no change from 2023) for global organizations.

The 2025 breach at DaVita compromised over 900,000 patients' personal and clinical data.

98% of organisations experienced a breach stemming from vulnerable code in the past year.

Within the next 12 to 18 months, nearly a third (32%) of CISOs, AppSec managers and developers expect Application Programming Interface (API) breaches via shadow APIs or business logic attacks.

62% of breaches in H1 2025 involved data stored on network servers.

76% of breaches in H1 2025 stemmed from hacking or IT incidents.

24% of breaches IN h1 2025 were on email systems.

The healthcare sector experienced an average of two healthcare breaches per day in the first half of 2025.

Nearly 30 million individuals were affected by breaches in H1 2025.

69% of 2025's breach notices did not include an attack vector. This is an increase from 65% for the full year 2024.

H1 2025 compromises resulted in a little more than 165.7 million breach notices.

The number of victim notices through June 2025 is only 12% of the total for 2024. This is because there haven't been the same level of mega-breaches affecting hundreds of millions of people as seen last year.