Report by Palo Alto Unit 42

2026 Global Incident Response Report

8 FINDINGSPublished Feb 17, 2026
View Original Report →

Key Findings

Encryption-based extortion declined by 15% compared to the previous year.

Palo Alto Unit 422026 Global Incident Response Report·2mo ago
EncryptionExtortion

Many organizations run 50 or more security products.

Palo Alto Unit 422026 Global Incident Response Report·2mo ago
Security OperationsTool SprawlSecurity Tools

Nearly 48% of incidents include browser-based activity.

Palo Alto Unit 422026 Global Incident Response Report·2mo ago
Browser Security

In the fastest cases, attackers moved from initial access to data exfiltration in 72 minutes, four times faster than the previous year.

Palo Alto Unit 422026 Global Incident Response Report·2mo ago
Initial AccessData Exfiltration

Identity weaknesses play a material role in nearly 90% of investigated incidents.

Palo Alto Unit 422026 Global Incident Response Report·2mo ago
IdentityAccess Management

Attackers leverage third-party SaaS applications in 23% of incidents.

Palo Alto Unit 422026 Global Incident Response Report·2mo ago
SaaS

Misconfigurations or gaps in security coverage materially enable attacks in over 90% of incidents.

Palo Alto Unit 422026 Global Incident Response Report·2mo ago
MisconfigurationGaps In Security Coverage

87% of intrusions involve activity across multiple attack surfaces.

Palo Alto Unit 422026 Global Incident Response Report·2mo ago
Attack Surface