40% of the more than 10,000 Model Context Protocol (MCP) servers created in under a year had no license in 2025.

82% of the more than 10,000 Model Context Protocol (MCP) servers interact with sensitive APIs, creating additional vulnerabilities in 2025.

About 75% of the more than 10,000 Model Context Protocol (MCP) servers were built by individuals without enterprise-grade protections in 2025.

66% of education leaders are aware of privacy concerns as an AI cybersecurity risk.

Awareness of potential AI-related cybersecurity risks is reassuringly high (83%) among education leaders.

65% of education leaders are aware of data leakage as an AI cybersecurity risk.

69% of education leaders are aware of student misuse as an AI cybersecurity risk.

65% of education leaders are aware of misinformation as an AI cybersecurity risk.

Awareness of potential AI-related cybersecurity risks is reassuringly high (83%) among education leaders.

68% of CISOs consider supply chain risk and generative AI security to be top concerns, viewing them as intertwined challenges that are redefining the attack surface.

51% of middle market organisations stated they outsourced cybersecurity risk and compliance management. Other leading functions outsourced include cyber incident response and forensics (46%), the security operations center (46%), security awareness training (44%), and vulnerability management (44%).

The exposure factor of rooted devices versus stock devices varies from 3x to ~3000x, which suggests that rooted devices are potentially much more vulnerable to threats than stock devices.

Security and privacy risks were a reason for turning off AI functionality, cited by 55%

42% of respondents indicated a data breach/leakage was a common privacy failure.

63% of enterprise leaders believe AI increases API security risk.

41% indicated not practicing privacy by design was a common privacy failure.