42% of respondents of UK IT leaders cited external threats (such as phishing, spoofing, and spam) as their bigest email security challenge.

About 50% of small healthcare organisations lack anti-phishing controls beyond default spam filters.

32.7% of security leaders pointed to not using a PAM (Privileged Access Management) solution as a common misstep in privileged access management

More than half (53%) of organisations that have implemented Privileged Access Management (PAM) reported improved protection of sensitive data.

94% of organisations now operate in hybrid or cloud-first environments.

In the U.S., the number of IT and security leaders with a PAM solution reporting a reduction in security incidents tied to privilege misuse was 53%.

PAM implementation complexity was cited as a top challenge by 44% of IT and security leaders globally.

Among non-PAM users, 8% still store credentials in spreadsheets.

13% of organisations audit privileged access only once a year or less

Globally, 49% of IT and security leaders with a PAM solution reported a reduction in security incidents tied to privilege misuse.

2.1% of teams at financial organizations have no visibility into how long it takes to revoke access to high-risk systems requiring elevated privileges after an employee exits or changes roles.

33.9% of teams at financial organizations use role-based access with limited audit trails for access to high-risk systems requiring elevated privileges.

35.3% of teams at financial organizations automate access to high-risk systems requiring elevated privileges with real-time logging.

30.7% of teams at financial organizations still rely on manual approval for access to high-risk systems requiring elevated privileges.

52% of teams at financial organizations manage 10–20 high-risk systems requiring elevated privileges.

31% of teams at financial organizations revoke access to high-risk systems requiring elevated privileges in hours, while 38% do it instantly.

24% of email messages overall are now malicious or unwanted spam.

92% of the emails processed by VIPRE were spam.

Of all PDFs used in malicious spam, 42% used obfuscated URLs, 28% hid their URLs in PDF streams, and 7% were delivered in an encrypted form along with a password.