41% indicated not practicing privacy by design was a common privacy failure.

35% said the number of data subject requests they received increased in the past year.

CISOs with healthy board relationships report stronger partnerships with IT operations (82% versus 69% of other CISOs) and engineering (74% versus 63% of other CISOs).

When asked what skills CISOs should develop, the biggest gaps in importance include business acumen (55% for boards versus 40% for CISOs), emotional intelligence (45% for boards versus 35% for CISOs) and communication (52% for boards versus 47% for CISOs).

94% of CISOs report being victims of a disruptive cyberattack, with 55% experiencing them at least a couple of times, and another 27% experiencing them many times.

Strategic CISOs earn 57% more than Functional CISOs and twice as much as Tactical CISOs.

7% of CISOs said their growth in compensation was driven by a change in employers, and this group received an average increase of 31%.

42% of surveyed IT decision-makers said data sovereignty is important to their customers and therefore, an asset to their business.

Only 36% of respondents said their organisation has a dedicated AI fund.

UK organisations are significantly increasing their cybersecurity budgets, with an average predicted rise of 31% in the next 12 months. This is more than double the 15% that Gartner had forecast.

15% of respondents in Europe and North America lack confidence in their country’s ability to respond to major cyber incidents targeting critical infrastructure.

More than 76% of chief information security officers (CISOs) at the World Economic Forum’s Annual Meeting on Cybersecurity in 2024 reported that fragmentation of regulations across jurisdictions greatly affects their organisations’ ability to maintain compliance.

Two out of three organisations report moderate-to-critical skills gaps.

50% of hands-on-keyboard incidents in 2024 used valid or exposed credentials for initial access.

Only 13% of respondents said all impacted data was recovered after paying a ransom.

BEC attacks grew by 6% year-over-year in the APAC region.

51% of UK bosses don’t trust their employees to work without online surveillance.

Over half of Brits would quit if they knew they were being surveilled.

Publicly traded companies represented only 7% (221 companies) of all compromised organizations but issued 76% of victim notices in 2024.

Better cyber practices and requirements could have prevented at least 196 compromises and more than 1.2 billion victim notices.