96% of EMEA financial services organizations believe they need to improve their resilience to meet DORA requirements.

34% of financial services organizations cite third-party risk oversight as the most challenging DORA requirement to implement.

Just 31.7% of EMEA-based firms agree that banning communications channels is an effective compliance solution.

71.4% of EMEA respondents intend to introduce AI into compliance workflows in the next year.

Conversely, EMEA organisations show the highest reporting rate for BEC, at 4.22%

In EMEA, the VEC engagement rate exceeds Business Email Compromise (BEC) by 90%.

Repeat engagement with VEC in EMEA is the highest of any region, over twice that of BEC.

EMEA organisations demonstrate the lowest reporting rate for VEC, at 0.27%.

30% of EMEA manufacturing respondents cite regulatory requirements as a main driver for Secure Remote Access (SRA) implementation.

EMEA continues to see the lowest regional attack rate globally at 0.6% of transactions, according to the LexisNexis® Identity Abuse Index.

Social Engineering was the second-most common incident pattern in the region, with phishing appearing in 19% of breaches in EMEA.

System intrusion breaches in EMEA surged to 53%, nearly doubling last year’s rate of 27%.

Although EMEA experienced the highest percentage of breaches caused by internal actors, the number of insiders decreased by 41% in 2025.

Within EMEA, 19% of breaches were attributed to unintentional mistakes, and 8% involved misuse.

In EMEA, nearly a third (29%) of breaches originated from within the organisation.

APAC had the highest global phishing encounter rates, followed by EMEA and North America.