54% of firms in the financial services industry still rely on spreadsheets or in-house systems to track security controls.

Compromised third-party vendors (31.6%) was among controls with the highest failure rates in enterprise fraud attacks.

In 88% of major fraud incidents at enterprises, at least one critical control failed, often more.

Email and messaging security (44.6%) was among the controls with the highest failure rates in enterprise fraud attacks.

Threat detection/escalation process (27.85%) was among the controls with the highest failure rates in enterprise fraud attacks.

Bank account validation tools (26.5%) was among the controls with the highest failure rates in enterprise fraud attacks.

Employee security awareness training (32.2%) was among the controls with the highest failure rates in enterprise fraud attacks.

Cybersecurity Controls have been identified as one of the top three "hot" compliance topics for 2025, with 38% of investment adviser firms listing it as a leading priority.

84% of CISOs expressed concern over whether their cyber defenses could withstand an attack from a sophisticated threat actor

58% of respondents said that they are concerned that stricter fraud controls will frustrate consumers.

One in five attacks in 2024 displayed some form of evasive technique designed to evade traditional network and endpoint-based security controls

None of the nearly 93,000 threats analysed in Red Canary's 2025 Threat Detection Report were prevented by customers' expansive security controls.

Critical security controls were found to be either non-compliant with internal security and risk policies or missing from devices 15 percent of the time in the analysed healthcare PCs.

12% of enterprises are waiting for security controls to be ready before deploying AI.

Almost all (94.2% of CISOs) believe that continuous controls monitoring will improve both compliance and security.

48% of enterprises report implementing specific security controls for AI deployments.