Business leaders’ bottom-line concerns often conflict with CISOs’ insistence on vital cybersecurity investments. The CISO-board relationship is deepening as they have more opportunities to engage on matters of cybersecurity and enterprise risk. CISOs’ regular presence in the boardroom and their counsel on enterprise risk will strengthen board confidence and alignment.

This year we find that cyber debt continues to build with GenAI, rise of machine identities, and increasing third- and fourth-party risks. This growth in vulnerable identities, boosted by the ongoing AI transformation and pervasive cloud computing, is a here-and-now threat ready to be exploited by bad actors with the AI-powered ability to execute at scale. Perhaps the only thing more disturbing than the emergence of deepfake videos is our collective overconfidence that we won’t be fooled by them.

In this report, nearly half of organizations anticipate a threefold increase in the total number of identities, with machine identities squarely in the driver’s seat (but largely under-secured and over-privileged). This growth in vulnerable identities, boosted by the ongoing AI transformation and pervasive cloud computing, is a here-and-now threat ready to be exploited by bad actors with the AI-powered ability to execute at scale. In the last 12 months, 93% of organizations suffered two or more identity-related breaches.

Security services remained the top category for M&A activity across consulting and MSSP, followed by sectors including Risk & Compliance and SecOps / IR / Threat Intel. While companies have prioritized email security solutions for decades, analysts expect the email security market to grow significantly in the coming years. Advanced threats relating to phishing and social engineering necessitate strong email security to protect employee and company data from threat actors.

In this report our threat researchers have observed significant growth in the breadth, scope, and complexity of threats that organizations are confronting. While it is difficult to be certain exactly how much of this activity is directly attributable to the generative AI boom, we expected to see security leaders expressing concerns about a rise in AI-powered cyber threats.

This report Risk Decisions 360 Emerging Risks That Can Impede Sustainable Company Growth, is the result of extensive research and insights aimed at empowering businesses to make informed decisions in the face of new and evolving risks. We examine critical areas that pose significant potential threats to growth, including cybersecurity, technological advancements, financial volatility and operational disruptions, among others – as well as delve into how business executives and owners view the skills and investment required, and the effectiveness of insurance, in mitigating these risks.

The Global Cybersecurity Outlook 2025 report includes a deeper analysis of the most important drivers of complexity and provides valuable insights into the most pressing cyber challenges in the year ahead and their potential implications for executives. Of large organizations, 54% identified supply chain challenges as the biggest barrier to achieving cyber resilience.

PwC’s 2025 Global Digital Trust Insights revealed significant gaps companies must bridge before achieving cyber resilience. With the attack surface continuing to expand through advances in AI, connected devices and cloud technologies and the regulatory environment in constant flux, achieving cyber resilience at an enterprise level is critical. By addressing these gaps and making cybersecurity a business priority, executives can bridge to a more secure future.

In our 12th annual Data Breach Industry Forecast, our focus covers a wide swath of attacks from the personal (teens exploitation), corporate (increases in internal fraud), national (using dynamic identification as a fraud defense), and global (bad actors pursuing data centers). Spanning all these predictions is the dramatically accelerated speed and scaling of cyberattacks that are AI-enabled. This year’s predictions come from Experian’s long history of helping companies navigate breaches over the past 22 years.

This year’s findings provide a deeper look into the critical challenges and opportunities shaping application security as organizations grapple with growing attack surfaces, tool sprawl, and the rapid adoption of generative AI.

1Password’s 2022 State of Access Report, an annual survey of North American workers’ sentiments and behaviors around cybersecurity and other critical aspects of modern work, reveals that the acute burnout detected in last year’s survey has paved the way for a widespread sense of distraction in a time of “permacrisis.” When security protocols and practices aren’t automated, even the most well-intentioned employees can unwittingly cause a breach.

The OffSec Shift Report reveals how organizations are adapting to bring both defensive and offensive strategies to the cybersecurity battle. The past year was hard on cybersecurity teams. The persistent economic downturn led to 39% of organizations deprioritizing their cybersecurity strategy.

The 3rd edition of the Lucy Study builds on a four-year history of objective comprehensive and robust data. The study lacks precision on the segment of small and micro companies. The number of insured companies - and there analyzed - is not yet sufficient in relation to the number of companies listed by INSEE.

This report presents the main findings with respect to the current state of CISOs. This duality became evident during our recent discussions with about 100 prominent CISOs from across the U.S. and Canada. The new SEC cyber rules and landmark cases that the agency brought against CISOs point to new legal and liability exposure.

IANS and Artico Search conducted their fifth annual CISO Compensation and Budget Research Study. Our analysis of the key drivers behind security budget growth reveals significant increases are often triggered by incidents or breaches, or by rising risks such as those associated with AI adoption.

This study delivers the latest insights into the threat landscape of workplace collaboration and the opportunities presented by the fastest-growing dataset across the enterprise today. As the leading AI data platform for employee listening, Aware analyzes the state of risk across collaboration platforms such as Slack, Teams, Zoom and Workplace from Meta to create awareness around both the risks and opportunities that lie within digital workplace conversations.

In this report, the term security awareness program is used to describe a structured effort to engage, train, and secure your workforce and build a strong security culture. However, many organizations refer to such efforts using different terms, including security behavior and culture, security engagement and influence, security training and education, security communications, or human risk management.

Our research was conducted to understand how the adoption of new AI is affecting the threats stakeholders face, how they are responding, and AI’s role in prevention, threat detection, incident response, and recovery workflows. AI’s effects on the threat landscape are already being felt. A majority of survey participants (74%) report their organizations are seeing significant impacts from AI-powered cyber threats. An even greater majority (89%) believe that AI-powered threats will continue to trouble their organizations well into the future.

This report provides insights into the current state of enterprise cyber risk and the role of AI in it. AI is revolutionizing business and has the potential to significantly improve cybersecurity outcomes. Many already have plans to use integrated AI in cyber tools, especially for inferencing, data analysis, and GenAI conversational systems.

The 2024 State of the Media: Tech Edition is a subsection of that report, zeroing in on the behaviors and perspectives of journalists and media influencers who cover the technology and engineering industry, a pool of over 500 respondents. We examined their specific challenges and implications for the PR professionals seeking to work with them, as well as the potential opportunities. Our respondents provided candid insights into what they want and need from public relations professionals whose organizations and clients strive to build brand awareness, consumer trust, and thought leadership in the technology and engineering sector.

The results of the surveys affect our product strategy and go-to-market methods, and hopefully help organizations engage in deeper conversations with colleagues and teams as they continually consider modernizations to their data protection and cyber-resiliency strategies. This year’s report surveyed 1,200 respondents — comprised of CISOs (or executives with similar responsibility), security professionals, and backup administrators — whose organizations suffered at least one ransomware attack in 2023 to assess different perspectives in the united fight against ransomware.