2026 State of Cybersecurity Report: Bridging the Divide

47% of companies use mean time to remediate as a cybersecurity metric.

92% of security professionals say automation reduces their team's mean time to respond.

51% of companies use a cybersecurity exposure score or risk-based index.

48% of security professionals say IT teams do not respond urgently to cybersecurity concerns.

43% of security teams use AI for threat intelligence correlation.

Security professionals are 5.5 times more likely to believe defenders will use AI as effectively as, or more effectively than, threat actors over the next 24 months.

43% of security professionals report high stress.

77% of organizations have been targeted by deepfake attacks.

79% of security professionals say stress harms their physical or mental health.

Security professionals are 2.4 times more likely to believe defenders use AI as effectively as, or more effectively than, threat actors.

60% of security professionals use business impact analysis to inform their risk prioritization.

77% of security professionals express some level of comfort with deploying agentic systems and allowing them to act without human review.

53% of security teams utilize AI for cloud security policy enforcement.

44% of security teams use AI for incident response workflows.

27% of organizations are very prepared for synthetic digital content threats.

42% of security teams use AI for vulnerability response and remediation.

51% of organizations have faced sophisticated, personalized phishing emails powered by deepfake technology.

87% of security professionals say integrating agentic AI is a priority for their teams.

48% say synthetic digital content is a high or critical threat.

There is a 21-point gap between the 48% who say synthetic digital content is a high/critical threat and the 27% who are very prepared.

30% of security professionals are confident that their CEOs could reliably identify a deepfake.

40% of security professionals believe IT lacks an understanding of their organization's risk tolerance.

41% of companies use percentage of exposures remediated as a cybersecurity metric.