87% of IT and security leaders plan to change Identity and Access Management (IAM) providers or have already begun the process

Roughly 29% of reviewed iOS shopping apps access user data without declaring it in their App Store Privacy Overview.

58% of organizations cited security concerns as the primary driver for switching IAM providers

In 2025, only 28% of IT and security leaders believed they could fully recover from a cyber incident in 12 hours or less, down from 43% in 2024

65% of leaders have modified their strategies in response to new data sovereignty regulations.

51% of firms identified data discovery as a top priority for improving audit readiness and control visibility.

69% of cyber incidents in 2024 targeted central governments in the EU.

52% of organizations lack a formal AI governance framework.

66% of risk leaders stated they have reviewed and updated their IT and cyber risk management strategy in response to major disruptions such as the Crowdstrike outage or MOVEit breach

38% of organizations addressed the specific issue that enabled the ransomware attack

22% of organizations that experienced a ransomware attack were able to recover within 24 hours

21% of organizations that paid ransom were still unable to recover all data

38% of organizations fixed the issue that allowed attackers to enter after a ransomware attack

Nearly 40% of organizations were unable to fully restore the data they lost from ransomware attacks

Fewer than 25% of organizations that experienced a ransomware attack recovered from the attack within 24 hours.

61% of organizations successfully restored from backups after their most recent incident.

58% of manufacturing and production organizations rated themselves as very well prepared, but only 12% recovered from ransomware attacks within the same day.

Over 40% of organizations reported using AI or automation to support threat detection and alerting in response to a ransomware incident

39% of organizations could not fully recover from backups after their last ransomware incident.

93% of organizations that paid ransoms learned that data was exfiltrated despite payment.