We've curated 12 cybersecurity statistics about Maturity to help you understand how organizations are evolving their cybersecurity practices and frameworks to address emerging threats and strengthen their defenses in 2025.
15% of organizations self-identify as 'leading' in cyber hygiene maturity.
28% of Managed Service Providers (MSPs) only revisit applied Microsoft 365 baselines after an incident, indicating lagging security maturity.
51% of organizations report operating at Maturity Level 2 (Implemented: tools are in place but fragmented across teams with limited integration).
46% say a lack of skilled staff is the biggest barrier to maturing their insider risk program.
42% say organizational silos (e.g., Security vs HR vs Legal) are the biggest barrier to maturing their insider risk program.
35% say insufficient budget is the biggest barrier to maturing their insider risk program.
31% say maintenance burden is the biggest barrier to maturing their insider risk program.
23% say user pushback or fear of harming culture is the biggest barrier to maturing their insider risk program.
Only 18% of organizations report achieving Maturity Level 3 (Optimized: Unified strategy, cross-functional governance, behavioral analytics, and integrated enforcement).
38% say privacy or surveillance concerns are the biggest barrier to maturing their insider risk program.
52% say difficulty monitoring SaaS and hybrid work environments is the biggest barrier to maturing their insider risk program.
49% say tool complexity is the biggest barrier to maturing their insider risk program.
51% of organizations are still in planning or basic stages of API security maturity.
30% of organizations reported intermediate maturity in their API security programs, with app sec testing and API gateways in place.
Financial services firms demonstrate strengths in avoiding common, code-level flaws due to mature security programs and automated scanning (SAST/DAST). However, they struggle with vulnerabilities that require human-led testing.
85% of organizations describe their cybersecurity posture as reactive.
1 in 5 organisations still admit their cyber practices are "immature".
64% of industrial organizations classify their OT cybersecurity maturity as foundational.
Only 17% of industrial organizations report mature OT security practices.
19% of industrial organizations identify their cybersecurity maturity as evolving.