Fortra

NIST Cybersecurity Framework (CSF) has a 54% adoption rate, a 5% decrease from the previous year.

38% of organisations considered zero-day attacks a risk, a significant decrease from 50% in 2024.

60% of organisations considered Social Engineering a top security risk, up from the previous year.

U.S. Department of Defense-specific CMMC has a 7% adoption rate.

MITRE ATT&CK has 32% adoption rate.

59% of organisations cited Budgetary Constraints as a top concern.

12% reported adopting cloud-only model adoption.

24% of respondents said they are working with outside partners to build a zero trust roadmap.

83% of organisations identified Phishing/Smishing as a top security concern, an increase from the previous year.

32% of organisations viewed Constantly Changing Threats as a potential roadblock.

58% of organisations were concerned about Accidental Data Loss & Leakage.

47% of respondents are engaging managed services for vulnerability management.

50% of organisations viewed Evolving Technology (e.g., generative AI) as a primary security threat, a 15% increase from the previous year.

ISO 27001 has a 48% adoption rate.

60% reported adopting hybrid model adoption.

45% of decision-makers expressed worry about the potential lack of qualified workers, a 6% increase.

21% of respondents said they are unprepared to move ahead with zero trust due to operational complexities.

Number of organisations using managed security services has risen from 33% to 39%.

71% of organisations cited Malware/Ransomware as a major security risk.

54% of organisations considered Securing Data in the Cloud a top priority, a decrease from 63% in 2024.

19% reported designing all new applications, platforms, and business structures to operate first in the cloud.

23% of respondents did not move to the cloud because they couldn’t get stakeholder alignment.

61% of respondents have already begun the process of vendor consolidation or were planning to start it.

Number of organisations “improving the skills of [their] staff” dropped from 67% to 61%.

29% of respondents already started implementing zero trust.

75% of organisations ranked Improving Security Awareness as a top initiative, an increase from 66% the previous year.

77% of organisations prioritised Identifying and Closing Security Gaps, making it the top security initiative.

51% of organisations prioritised improving security skills, a decrease from 58% last year.

27% of respondents did not move to the cloud due to budgetary constraints.

59% of respondents did not move to the cloud due to security concerns.

Nearly 1 in 4 respondents are somewhat or not confident in their knowledge of what their security tools could do.

60% of respondents are engaging managed services for penetration testing services.

56% of respondents are engaging managed services for email security/anti-phishing.

22% of respondents said they are unprepared to move ahead with zero trust due to a lack of resources and skills.

70% of respondents are using fewer than ten security vendors.