67% of retail executives who reported high-profile breaches indicated that cybersecurity has become a higher priority on the C-suite agenda in 2025.

34% of retailers stated that their organization has suffered a breach in the past 12 months.

75% of German organizations reported experiencing an identity breach in the last three years.

45% of organizations indicated that the cost of an identity-related breach exceeded the typical cost of a breach as defined by IBM.

24% of organizations reported that the costs of an identity-related breach exceeded $10 million, which is a three-percentage-point increase compared to the previous year.

69% of organizations globally experienced an identity-related breach in the last three years, marking a 27-percentage-point increase compared to the previous year.

107 email-related HIPAA breaches were reported to the Department of Health and Human Services in just the first half of 2025.

In one enforcement case, a clinic was fined $25,000 for a single message that contained protected health information (PHI) and was sent to the wrong person without encryption

Data breaches accounted for 17.4% of cyber incidents affecting public administration in the EU in 2024.

Identity-related breaches impacted 69% of global organizations in 2026, up from 42% the previous year.

24% of global organizations indicated that costs from identity-related breaches exceeded $10 million, a three-percentage-point increase from the previous year.

69% of global organizations experienced an identity-related breach in the last three years, marking a 27-percentage-point increase from the previous year.

Only 56% of Japanese respondents reported experiencing an identity-related breach in the past three years.

Around eight in ten organizations report at least one data breach in the past year, both in on-premises infrastructure (78%) or in the public cloud (79%).

40% of organizations reported that customer and/or employee data was compromised, stolen, or held to ransom in the past year.

66% of risk leaders stated they have reviewed and updated their IT and cyber risk management strategy in response to major disruptions such as the Crowdstrike outage or MOVEit breach

Just 16% of MSSP-supported financial services firms require two to four weeks to contain a breach.

67% of family offices demonstrated the highest level of concern about outdated infrastructure and their ability to recover from a data breach (compared to 50% average).

11% of leaders at financial services firms say they are unprepared to recover effectively from a Vendor or third-party breach.

25% of internal shared-resource financial services firms require two to four weeks to contain a breach.