Ivanti

47% of companies use mean time to remediate as a cybersecurity metric.

92% of security professionals say automation reduces their team's mean time to respond.

51% of companies use a cybersecurity exposure score or risk-based index.

48% of security professionals say IT teams do not respond urgently to cybersecurity concerns.

43% of security teams use AI for threat intelligence correlation.

Security professionals are 5.5 times more likely to believe defenders will use AI as effectively as, or more effectively than, threat actors over the next 24 months.

43% of security professionals report high stress.

77% of organizations have been targeted by deepfake attacks.

79% of security professionals say stress harms their physical or mental health.

Security professionals are 2.4 times more likely to believe defenders use AI as effectively as, or more effectively than, threat actors.

60% of security professionals use business impact analysis to inform their risk prioritization.

77% of security professionals express some level of comfort with deploying agentic systems and allowing them to act without human review.

53% of security teams utilize AI for cloud security policy enforcement.

44% of security teams use AI for incident response workflows.

27% of organizations are very prepared for synthetic digital content threats.

42% of security teams use AI for vulnerability response and remediation.

51% of organizations have faced sophisticated, personalized phishing emails powered by deepfake technology.

87% of security professionals say integrating agentic AI is a priority for their teams.

48% say synthetic digital content is a high or critical threat.

There is a 21-point gap between the 48% who say synthetic digital content is a high/critical threat and the 27% who are very prepared.

30% of security professionals are confident that their CEOs could reliably identify a deepfake.

40% of security professionals believe IT lacks an understanding of their organization's risk tolerance.

41% of companies use percentage of exposures remediated as a cybersecurity metric.

72% of companies have automated basic IT operations such as security patch management

Office workers experience 2.7 security update disruptions per month.

51% of security teams with a documented framework for identifying risk tolerance state that it is not closely followed.

37% of executive leaders and cybersecurity professionals report an inability to uphold basic security practices due to tech debt.

62% of executive leaders and cybersecurity professionals claim that silos slow down security response times.

83% of security teams claim to have a documented framework for identifying risk tolerance.

Among security and leadership professionals, 1 in 3 consider tech debt a serious concern.

49% of security professionals believe their company leaders have a high level of understanding of exposure management.

More than 1 in 3 (38%) of security professionals predict that ransomware will become even more dangerous when powered by AI.

Only 29% of security professionals report being very prepared for ransomware attacks.

Only 22% of organisations report increasing investments in exposure management in 2025.

43% of executive leaders and cybersecurity professionals say their systems are more susceptible to security breaches due to accumulated tech debt.

53% of executive leaders and cybersecurity professionals note that silos lead to weakened security postures.