Bitsight
Rapidly expanding attack surfaces are cited by 38% of cybersecurity and cyber risk leaders as a reason for increased difficulty in managing cyber risk today vs five years ago.
Just 28% of organisations say they are "very effective" at communicating cyber risk to leadership.
Cybersecurity and cyber risk leaders at organizations without full threat visibility have a burnout rate of 63%.
Organisations with strong asset visibility are 2.5 times more likely to communicate cyber risk effectively to the board.
Nearly all organisations (99%) assess vendor risk.
Just 17% of organisations have tools to regularly map threats and contextualise them for full visibility.
Cybersecurity and cyber risk leaders at organizations with full threat visibility experience a significantly lower burnout rate of 44%.
Only 17% of organisations have the capability for continuous monitoring, despite it being a top priority.
Only a third of organisations monitor third-party relationships over time.
The percentage of breaches tied to third parties doubled from the previous year.
90% of surveyed cybersecurity and cyber risk leaders find managing cyber risks harder today than five years ago.
The explosion of AI is cited by 39% of cybersecurity and cyber risk leaders as a reason for increased difficulty in managing cyber risks today vs five years ago.
1 in 5 organisations still admit their cyber practices are "immature".
Just 29% of organisations have a formal cyber program that is truly aligned with business objectives.
47% of cybersecurity and cyber risk professionals report exhaustion (burnout).
14.5 million compromised credit cards were listed on underground markets in 2024. This represents a 20% increase over 2023.
There was a 43% increase in data breach data shared on underground forums in 2024.
There was a 25% increase in ransomware attacks in 2024.
There was a 53% increase in the number of ransomware group leak sites in 2024.
Nearly 20% of data breach victims were U.S. organizations.
2.9 billion unique sets of compromised credentials were identified in 2024. This is an increase from 2.2 billion in 2023.
ByteDance Group (TikTok's parent company) is connected to 35.4% of the U.S. market.
Providers outperform consumers in four of six security standards – including DMARC, SPF, DKIM, and DNSSEC.
Providers lag behind consumers in areas such as patch management, open ports, insecure systems, and botnet infections.
Technology providers use 2.5x more products than consumers.
Technology providers have 10x more internet-facing assets than consumers.
One-third of the U.S. supply chain relies on software or services from companies formally designated by the Department of Defense as "Chinese Military Companies".
Two-thirds of the U.S. supply chain depends on companies with at least expected ties to Chinese state-linked entities.