Darktrace

80% of phishing attempts analyzed by Darktrace in 2024 impersonated Amazon.

27% of phishing emails observed in 2024 contained over 1,000 characters, indicating the use of generative AI in their creation.

Phishing attempts mimicking US retailers increased by 201% during the week before Thanksgiving (November 15-21) compared to the same week in October.

Phishing attacks exploiting Black Friday increased by 620% in the weeks leading up to the holiday weekend.

54% more phishing emails that spoofed well-known retailers like Macy’s, Walmart, and Target were observed in the week before Thanksgiving compared to the previous week.

66% of cybersecurity professionals identified cloud security as a domain where cybersecurity professionals expect defensive AI to have the biggest impact in the future.

52% of organisations in North America and 43% of organisations in EMEA report having a formal policy for safe and secure use of AI in place.

78% of Chief Information Security Officers (CISOs) globally are seeing a significant impact from AI-powered cyber threats. This is up 5% from last year.

Only 37% of cybersecurity professionals report that they regularly monitor or audit AI usage and outputs.

Only 11% of cybersecurity professionals reported that they plan to increase cybersecurity staff in 2025, down from last year.

84% of cybersecurity professionals reported that they prefer solutions that don't require external data sharing.

Only 42% of cybersecurity professionals reported that they fully understand the types of AI in their current security stack.

60% of CISOs reported they know exactly what AI types are used versus 10% of IT security analysts/operators and 14% of IT security administrators.

87% of cybersecurity professionals indicated they prefer a platform approach over implementing a collection of point solutions.

87% of cybersecurity professionals favour solutions that free up security teams to focus on proactive risk management.

In December 2023, 58% of cybersecurity professionals listed ‘adding AI-powered security tools to supplement existing solutions’ as a top priority for their teams.

56% of cybersecurity professionals admitted they do not fully understand the AI techniques used in their existing security stack

60% of CISOs now feel prepared to defend against AI-powered cyber threats, an increase of 15% from 2024.

At the end of 2023, over half of cybersecurity professionals (60%) reported feeling unprepared for the reality of AI-augmented cyber threats. Twelve months later, by the end of 2024, that number of cybersecurity professionals feeling unprepared had dropped to 45%.

Only 45% of cybersecurity professionals report that they have a formal AI oversight and governance function.

88% of cybersecurity professionals reported that the use of AI is critical to free up time for security teams to become more proactive.

95% of cybersecurity professionals report that their organisation is either currently discussing (50%) or has already implemented (45%) a formal policy for safe and secure use of AI.

64% of cybersecurity professionals reported that they plan to add AI-powered solutions to their security stack in the next year.

55% of cybersecurity professionals identified network security as a domain where cybersecurity professionals expect defensive AI to have the biggest impact in the future.

Among CISOs, only 8% listed ‘increasing security staff’ as a top priority.

95% of all cybersecurity professionals surveyed believe AI can improve the speed and efficiency of their ability to prevent, detect, respond and recover from threats.

70% of phishing emails detected by Darktrace / EMAIL successfully bypassed Domain-based Message Authentication, Reporting, and Conformance (DMARC) verification checks.

Darktrace / EMAIL detected over 30.4 million phishing emailsbetween December 21, 2023, and December 18, 2024.

96% of phishing emails detected by Darktrace / EMAIL utilized existing domains rather than registering new ones.

Darktrace detected over 2.7 million emails with multistage payloads.

55% of phishing emails detected by Darktrace passed through all other existing layers of customer email security.