51% of respondents confirmed experiencing a security incident that demanded a dedicated response from security teams in the past 12 months.

96% of organizations reported at least one security breach in the past year.

The Asia-Pacific (APAC) region experienced the largest share of security incidents in 2024 at 34%.

Compromised network edge devices account for a quarter of the initial compromises of businesses in cases that could be confirmed from telemetry.

84% of C-suite leaders report that their organisation experienced a cybersecurity incident in the past three years.

57% of CISOs are more likely than the rest of the C-suite (47%) to say their organisation has experienced a cybersecurity incident due to cybercriminals in the past three years.

Russell 3000 companies experiencing a cyber incident typically see their stock price decrease by 1.5% over the following 90 days.

47% of CISOs say their organisation has experienced a cybersecurity incident due to inside threats in the past three years, compared to the rest of the C-suite (31%).

75% of CISOs say their organisation experienced a decrease in cybersecurity incidents following increased investment in AI, compared to the rest of the C-suite (68%).

The rest of the C-suite (77%) is more likely than CISOs (69%) to attribute success in decreased cybersecurity incidents to increased investments in employee cybersecurity training.

In the past 12 months, 87% of Canadian organisations have reported experiencing a security incident.

There has been a 10% year-over-year increase in the length of downtime per security incident on Canadian organizations.

Canadian organisations conducting annual security testing indicated an average of 23 incidents and 33 breaches in their cloud environments compared to 25 incidents and 29 breaches respectively for those without regular testing .

Of the financial institutions who experienced a vendor-related cyber incident, 8% had recovery times more than 90 days .

49% of financial institutions experienced a vendor-related cyber incident in the past year.

Of the financial institutions who experienced a vendor-related cyber incident, 66% had recovery times under 60 days .

More than a third (35%) of UK SMEs experienced a cyber incident in 2024 alone.

One in five attacks in 2024 displayed some form of evasive technique designed to evade traditional network and endpoint-based security controls

Despite unprecedented spending on security solutions, 88% of organisations experienced cybersecurity incidents in the last 12 months. 43% endured multiple breaches.

76% of organisations cannot produce a complete data asset inventory within hours when needed for compliance or security incidents.