Trellix
Reports
All Statistics
47% of CISOs report being completely confident that AI-powered security tools can effectively defend against autonomous, AI-driven cyberattacks.
94% of CISOs agree that emerging threats are forcing them to rethink and reprioritize their cybersecurity and infrastructure strategy.
97% of CISOs agree that hybrid infrastructure provides greater resilience and risk management capabilities than relying solely on cloud or on-premises environments.
88% of CISOs agree that the convergence of OT and IT security exposes new challenges that many organizations are not yet prepared to address.
96% of Chief Information Security Officers (CISOs) agree that the convergence of operational technology (OT) and information technology (IT) security is essential for protecting critical infrastructure from emerging threats.
40% of CISOs plan to invest in OT/IT security convergence over the next 12 months as part of their hybrid infrastructure strategies.
Transportation and shipping ranked second in detections by Trellix, accounting for 27.6% of all threats detected from April 1 to September 30, 2025.
Manufacturing represented 41.5% of all Trellix detections of threats targeting operational technology from April 1 to September 30, 2025.
The utilities, energy/oil and gas, and aerospace and defense industries combined accounted for 21.5% of all detections by Trellix between April 1 and September 30, 2025.
PowerShell was the primary attack vector with 96,061 detections by Trellix, followed by Cobalt Strike with 85,986 detections targeting the IT-to-OT boundary.
The average time from vulnerability disclosure to patch deployment in operational technology environments exceeds 180 days, compared to 30 days for traditional IT systems.
There were 333 ransomware attacks detected by Trellix specifically targeting critical infrastructure sectors from April 1 to September 30, 2025.
85% of CISOs say their organization's cybersecurity budget is influenced by the volume of nation-state threats.
A majority (89%) of CISOs are frequently asked about nation-state threats by their CEO and/or the board.
Over half (60%) of organizations have yet to fully integrate threat intelligence into their wider cybersecurity strategy.
Nearly all CISOs (98%) face barriers when acting on threat intelligence.
82% of CISOs report their organization's approach to threat intelligence collecting requires significant improvement or complete overhaul.
28% of CISOs report limited automation makes it difficult to integrate tools into their threat intelligence programs.
When asked about the top challenges when acting on threat intelligence, 45% of CISOs said keeping pace with evolving threats.
When asked about the top challenges when acting on threat intelligence, 39% of CISOs said integration issues.
Global threat detection volume from APT (Advanced Persistent Threat) actors rose 45% at the beginning of this year.
87% of CISOs say their organization's cybersecurity strategy is influenced by the volume of nation-state threats.
Nearly all CISOs agree threat intelligence is essential for identifying and mitigating emerging cybersecurity threats (94%).
The majority of CISOs (95%) agree being part of a threat intelligence sharing community or network improves their ability to prepare for threats.
When asked about the top challenges when acting on threat intelligence, 38% of CISOs said regulatory constraints.
79% of CISOs report their organization's approach to threat intelligence incorporating requires significant improvement or complete overhaul.
80% of CISOs report their organization's approach to threat intelligence monitoring requires significant improvement or complete overhaul.
78% of CISOs report their organization's approach to threat intelligence analyzing requires significant improvement or complete overhaul.
One-third of CISOs (33%) agree AI-driven analytics would help them perform their responsibilities more effectively.
Organizations with a proactive approach to threat intelligence (44%) are considerably more likely to use advanced threat detection technologies over the next 12 months, compared to those with a reactive approach (56%).
37% of CISOs agree increased levels of automation would help them perform their responsibilities more effectively.
89% agree a CISO community would enable security leaders to navigate high-stakes decisions through trusted insights and shared experiences.
Of APT activity directed at the U.S., 47% was attributed to China and 35% to Russia-aligned groups.
AI-based tools for sale in the cybercriminal underground were found for as little as 30 cents USD.
The technology sector saw a 119% increase in APT-related detections in Q1 2025 compared to Q4 2024.
Global threat detection volume from APT actors rose 45% from Q4 2024 to Q1 2025.
China-aligned APT41 showed a 113% increase in activity in Q1 2025 relative to the previous quarter.
Advanced persistent threat (APT) detections targeting the U.S. in Q1 2025 were 2.4 times or 136% higher than the level seen the prior quarter.
China's APT40 and Mustang Panda generated 46% of all detected APT activity.
Russia-aligned APT29 (Midnight Blizzard) directed most of its activities towards transportation and shipping (55%) and telecommunications (40%).
APT detections targeting the telecommunications sector increased 92% in Q1.
The U.S. was the reported victim in 58% of ransomware posts.