Published August 2025

Executive summary

Threats against identities and their protections are worsening. Cybercriminals are more interested in stealing and abusing compromised credentials, organizations often can’t detect exposed credentials on the dark web, and visibility into the actions and behaviors of service accounts is lacking. Threat actors are increasingly leveraging social engineering for compromising credentials. Internally, most organizations lack the optics and processes to detect identity-led threats.

New identity security solutions are emerging to protect identities—both human and non-human—by layering additional protections on identity and access management tools. These include solutions for visibility, governance, and autonomous remediation. While the organizations in this research claim high maturity for current identity security deployments, evidence of high maturity is lacking for most. All organizations must urgently revisit their identity security protections, deploy new or advanced solutions to strengthen identity security posture, and reduce exposure to the negative implications of identity-led threats.

Request a copy

Published March 2025

Executive summary

CISOs and CIOs are prioritizing cloud infrastructure security, internal cybersecurity talent, and the ethical control of data in 2025. The threat environment continues to change, with AI-driven cyberthreats escalating the potential damages on the offensive side in parallel with tightening cybersecurity insurance requirements forcing a recalibration of the defensive side.

More organizations are experiencing a higher number of cybersecurity incidents each year, which drives the need to re-assess the efficacy of current posture against the organization’s desired standard of performance. Having done so, the CISOs and CIOs in this research are investing in protections to shore up the critical areas above. In addition to the overall prioritization of cybersecurity areas, we offer a more nuanced analysis of CISO and CIO priorities within the areas of applications, cloud platforms and services, identities, and data.

Request a copy

Published November 2024

Executive summary

The cyberthreat landscape is transforming rapidly as threat actors exploit artificial intelligence (AI) to drive attack sophistication and evasion techniques. As a result, security leaders are increasingly turning to AI-powered defensive tools to effectively combat the growing volume and sophistication of AI-enabled attacks.

This report explores the evolving use of AI in both offensive and defensive cybersecurity operations, providing actionable insights based on recent survey data from 125 security leaders in the United States. Three conclusions stand out:

• AI is already a key enabler of advanced cyberattacks. Attackers are leveraging AI to automate and scale attacks, increase the evasion of current security controls, and accelerate attack velocity. Generative AI in particular is giving attackers the ability to create highly targeted, polymorphic phishing campaigns and more sophisticated malware strains that evade detection.
• Defenders are moving quickly but face challenges. While 80% of security leaders agree that AI is essential for countering malicious AI, the deployment of effective AI defenses remains uneven. Defensive AI technologies like behavioral analysis and semi-supervised machine learning are gaining traction, but cybercriminals maintain a clear lead in areas like generative adversarial networks (GANs).
• AI’s impact on cybersecurity professionals is transformative. AI offers the potential to automate routine tasks, freeing cybersecurity professionals to focus on strategic initiatives such as threat hunting, incident response, and defense hardening. However, there is still work to be done in integrating AI into a cohesive long-term cybersecurity strategy, with only 70.4% of leaders ranking strategic alignment as a high priority.

Request a copy

Published October 2024

Executive summary

Security operations centers (SOCs) play a critical vanguard role in defending organizations against offensive security threats. For the SOCs in this research, the number of security alerts continue to increase—and this is without full visibility of their attack surface. Alert volume is only going to worsen as threat actors make increasing use of AI to power the next generation of novel and sophisticated cyberattacks. Organizations are fully cognizant that the technical innovations that have driven increased SOC performance in recent years will not sustain performance against the next wave of AI-powered attacks.

Counteracting emerging sophisticated threats and driving the next horizon of effectiveness and efficiency for the modern SOC require organizations to take a much more proactive approach in adopting AI-powered defenses, including behavior analysis, threat detection against baseline deviations, and alert triage.

Request a copy

Published September 2024

Executive summary

Data breaches and ransomware attacks make headlines every day in the mainstream news. These articles routinely comment on the need for multi-factor authentication (MFA), especially if it wasn’t used. This emphasis can give the impression of MFA as a silver bullet, and that using it can easily prevent breaches. However, the reality is more complex. It is more accurate to say that while the presence of MFA reduces the likelihood of a breach, not all MFA is created equal, and the risk of data breaches continues to rise even as organizations implement MFA.

Despite these challenges, we strongly advise organizations to continue using MFA. Instead of abandoning it, organizations should focus on improving and strengthening how MFA is implemented—including the types of MFA being used. This should be part of a broader effort to reinforce security measures throughout the entire authentication process, ensuring that every step is as secure as possible given the risks involved.

Request a copy

Published August 2023

Executive Summary

Email is one of the most common ingress points into organizations for threat actors. As organizations have implemented email security solutions and trained employees to recognize email attacks, threat actors have pivoted to more advanced methods that bypass protections. They have also embraced artificial intelligence (AI) to make attacks more scalable and personalized while also less detectable. 

Email security vendors are using AI in their defensive tools to stop attacks that leverage new and emerging attack methods in email. Many organizations have gained AI-enabled protections by virtue of their incumbent email security vendors adding AI capabilities to strengthen defensive posture. In addition, most have gone shopping for new solutions offering AI to bolster the baseline protections offered by cloud email providers. 

When purchasing AI-enabled solutions to strengthen email security, organizations want the ability to protect more than just email, automated mitigation and remediation of identified threats, and next-generation capabilities to safeguard employees, the organization, and its customers, suppliers, and business partners.

Request a Copy

Published May 2023

Executive Summary

Organizations collect, process, and store a wide range of data on individuals— including data that is personal, sensitive, related to healthcare and education, and financial. In addition to data collected with the knowledge of individuals, the widespread adoption of new digital channels for people to meet, share, and shop has dramatically increased the scope for organizations to capture data surreptitiously. Current and emerging regulations set a baseline expectation that organizations will, firstly, protect all such data appropriately, and secondly, extend a set of rights to the individuals whose data has been collected, processed, and stored. The implications of elevated privacy requirements are reverberating inside organizations across many industries.

This white paper reports on how organizations in the United States and Canada are meeting the requirements of current and emerging privacy regulations.

Request a Copy

Sponsored by BlackFog, Cerby, OpenText Cybersecurity, Quest, and SonicWall

Executive summary

CISOs and CIOs view cybersecurity as a significantly higher priority than two years ago and are investing in multiple areas to meet escalating regulatory demands, protect new digital channels, and counteract ongoing cyber incidents. Improving protections for cloud services and platforms is the top-rated priority (attacks against cloud services were the most-seen incident type during the past year), followed by protections against ransomware attacks. CISOs and CIOs see a range of issues within apps, cloud platforms, data, and on-premises infrastructure requiring ongoing and higher investment in 2023. They are budgeting accordingly.

The data presented in this white paper is from a survey of CISO and CIO respondents at 284 organizations in the United States with more than 1,000 employees. 

Request a Copy

Published October 2022

Executive summary

This white paper could start by reviewing the college that closed permanently after a ransomware attack or the large school district that suffered an incident during a recent holiday weekend. Or it could focus on how critical infrastructure—such as water treatment plants, pipelines, and meat processing plants—are increasingly under attack. We could even comment on the increase in ransom demands.

We are not going to do any of the above—at the beginning of this white paper or anywhere else. While there are important lessons to take from each of these situations, we will leave that analysis to others.

This white paper takes a different approach. It starts by quickly establishing the current context on ransomware before moving into an analysis of where current and best practices diverge. We’ll look at eight areas where many organizations remain susceptible to ransomware attacks, outline new and emerging solutions or approaches that can be used to bolster controls and protections, and offer a report card for self-assessment by organizations. Most report cards are additive (the “better” level also requires the “baseline” controls, and the “best” level requires the controls from all three levels) while two are based on maturity (low, medium, and high).

The first four areas focus on defending against ransomware attacks, the final three focus on recovering after an attack, and the fifth area does double duty for defending and recovering. By the end of this white paper, decision-makers and influencers charged with evaluating and selecting cybersecurity solutions should have a better idea of their organization’s readiness (or not) to counteract ransomware.

Request a copy

Published April 2022

Executive summary

Organizations have proven more adept in protecting their own confidential and sensitive data than the personal and sensitive data of customers and employees. With data available on 15 billion individuals (including duplicates) from more than 100,000 data breaches, there is no shortage of data available to fuel identity theft, financial fraud, and other malicious threats. Privacy regulations have become a key tool for regulators and governments to force organizations to pay more attention to the data collected, processed, stored, and shared on individuals—much of it gained through new ubiquitous digital channels. Privacy regulations define common standards of performance rather than leaving best practice up to individual organizations.

With the emergence of new privacy regulations to complement others that have been in force for several decades, the purpose of this study was to understand how organizations in the United States are responding.

Request a copy