Swimlane

66% of organizations faced a security incident in the past year.

64% of organizations fail to continuously assess vendor and supplier security after onboarding.

64% of organizations report that AI and automation have increased their focus on the basics of cyber hygiene.

73% of organizations take longer than 24 hours to apply critical patches.

41% of organizations rank expanding AI usage and expertise as the top improvement area.

67% of organizations audit user access privileges quarterly or less often.

84% of organizations say AI and automation enhance cyber hygiene.

25% of organizations take between 8 and 30 days to apply critical patches.

92% of organizations that experienced a security incident in the past year believe stronger cyber hygiene could have prevented it.

15% of organizations self-identify as 'leading' in cyber hygiene maturity.

52% of organizations identify the human element, including employee training and awareness, as their greatest weakness.

41% of IT and security decision-makers say budget or resource cuts have led to reduced capacity for detection and monitoring.

79% of U.K. IT and security decision-makers say growing U.S. cybersecurity instability has made them more cautious with U.S.-based vendors.

91% of organisations have taken new steps to protect operational resilience due to waning federal support.

29% of U.K. IT and security decision-makers have delayed or cancelled contracts due to growing U.S. cybersecurity instability.

48% of IT and security decision-makers say budget or resource cuts have led to team restructuring.

52% of IT and security decision-makers say budget or resource cuts have led to increased workloads without added support.

Over half (54%) of organisations have developed internal cybersecurity frameworks independent of government guidance.

85% of security teams have experienced budget or resource-related changes in the past six months.

81% of IT and security decision-makers believe that eroding confidence in public-private coordination will hinder threat intelligence sharing.

86% of IT and security decision-makers warn that the disbanding of the Cyber Safety Review Board will disrupt post-incident coordination.

79% of IT and security decision-makers say federal defunding has increased overall cyber risk.

As a result of U.S. cybersecurity instability, 43% of U.K. IT and security decision-makers have reassessed existing partnerships.

63% of IT and security decision-makers state that recent or anticipated cuts are affecting team structure and staffing plans.

Nearly half (46%) of IT and security decision-makers report reducing their planned security investments for 2025 due to ongoing federal funding instability.

Organisations cited financial penalties (39%), security breaches (36%), and reputational damage (36%) as the top risks of poor compliance management

62% say their audit evidence-gathering process is at least occasionally error-prone.

Over half of organisations (54%) spend more than five hours each week on manual compliance tasks.

90% of organisations are concerned that poor collaboration between GRC and security teams is undermining audit preparation.

96% of organisations say it’s challenging to keep up with the growing number of industry regulations.

Only 29% of all organisations say their compliance programmes consistently meet internal and external standards.

On average, just 39% of the audit evidence process is automated.

92% of respondents rely on three or more tools to gather audit evidence.