# CyberSecStats #58 - Employees selling credentials, decision-maker cyber priorities, Q1 ransomware stats > This week's CyberSecStats roundup: 30+ stats on ransomware disclosure rates in Q1 2026, AI ROI gaps, credential resale, identity at machine speed, and SMB fraud losses. Source: https://fmcybersecurity.com/en/insights/industry/cybersecstats-58/ Locale: English Other locale: https://fmcybersecurity.com/insights/industry/cybersecstats-58-ansatte-selger-passord-og-q1-ransomware-tall/ ## Metadata - Date: 2026-05-12 - Author: fredrik-standahl - Topic: industry - Format: news - Scope: international ## This Week's Cybersecurity Eye-Openers We've pulled 30+ statistics into this newsletter, but if you only have a few seconds to skim it, here are 3 worth thinking about: **1. Most ransomware attacks never get disclosed** Only 1 in 9 ransomware attacks was publicly disclosed in Q1 2026, meaning the vast majority of incidents stay completely hidden from view. **2. Everyone's using AI, but only a few feel like AI is doing what they hoped** 90% of organizations believe employees are using AI, but only 22% say the return on investment has met or exceeded their expectations. **3. Employees sell credentials** 72% of organizations don't detect credential misuse in real time, and more than 1 in 10 employees say they've sold company login details or know someone who has. ## Big Picture Reports ### The State of Agentic Cybersecurity (SimSpace) If you needed more confirmation that confidence in security outcomes is often misplaced, here it is. **High confidence, low scores:** - 78% of security leaders report high confidence in their defenses, even though security teams score as low as 30% in Defensive Security Readiness exercises. - Only 29% of organizations conduct continuous simulation testing. - 73% of organizations are using AI agents in their Security Operations Center at a moderate to high level. [Read the full report here.](https://simspace.com/state-of-agentic-cybersecurity/?ref=cybersecstats.com) ### A 2026 Snapshot On The State Of Data Security (Capital One) A look into how decision-maker priorities are shifting. Interestingly, only a minority sees GenAI as a priority right now, but a majority sees it as being important in the next two years. **Over half can't see their risks:** - 66% of decision-makers said protecting enterprise data at scale is a security priority over the next 12 months. - 52% of leaders are slowed by a lack of automation, nonstandard processes, and siloed decision-making. - 34% of decision-makers said genAI capabilities are paramount to data security today, a figure that increases to 64% as they look two years ahead. [Read the full report here.](https://www.capitalone.com/software/resources/data-security-ai-era-forrester-study/?ref=cybersecstats.com) ### The State of Workforce Password Security in 2026 (Zoho) A look at where password security stands in 2026, with a few obligatory AI-related stats mixed in as well. **Believe it'll help, but can't deploy it:** - 91% of U.S. organizations indicate that AI will strengthen their security posture. - Only 9% of U.S. organizations report being ready to deploy AI-powered security today. - There is an 82-percentage-point gap between AI belief (91%) and AI deployment readiness (9%) in the U.S. [Read the full report here.](https://www.zoho.com/vault/state-of-workforce-password-security-report.html?ref=cybersecstats.com) ## Ransomware ### The State of Ransomware Q1 2026 (BlackFog) Could also be called "the ransomware iceberg." Stats about ransomware from the first quarter of 2026. **Most attacks stay hidden:** - Only one in nine global ransomware attacks was publicly disclosed in Q1 2026. - There were 2,160 undisclosed ransomware attacks identified in Q1 2026. - Data exfiltration occurred in 96% of ransomware attacks in Q1 2026. [Read the full report here.](https://www.blackfog.com/2026-q1-ransomware-report/?ref=cybersecstats.com) ## AI Security & Governance ### AI Pulse Survey (Protiviti) More data points on the reality of AI visibility (i.e., how much orgs know about AI tool use). **Can't see what employees are using:** - 47% of large organizations do not have full visibility into employee AI tool usage. - 65% of organizations report challenges with shadow AI. - Only 40% of organizations have a formal AI governance framework in place. [Read the full report here.](https://www.protiviti.com/sites/default/files/2026-05/aipulse26-vol4-survey-booklet-0426-na-en-protiviti.pdf?ref=cybersecstats.com) ### The State of AI in 2026 (ISACA) Most organizations think employees are using AI, but only 1 in 5 report seeing the ROI they expected. **Everyone's using it, nobody's getting returns:** - 90% believe employees are using artificial intelligence in their organization, but only 22% say AI return on investment has met or exceeded their expectations. - Only 38% of digital trust professionals are confident in their board's understanding of AI risks. - 45% of digital trust professionals noted that AI risks are an immediate priority. [Read the full report here.](https://www.isaca.org/ai-pulse-poll?ref=cybersecstats.com) ### The State of Application Strategy in 2026 (F5) The vast majority of organizations are now running their own AI inference operations and coordinating multiple models in production. **AI inference is production work now:** - 78% of organizations run AI inference themselves. - Organizations coordinate an average of seven AI models in production. - 88% of organizations have faced AI-related security challenges. [Read the full report here.](https://www.f5.com/resources/reports/state-of-application-strategy-report?ref=cybersecstats.com) ## Identity & Access Management ### Identity at Machine Speed (Keeper Security) Data about why managing your identity footprint is getting harder. **Most orgs don't catch credential misuse in real time:** - 89% of senior IT leaders report that managing the growing identity footprint is challenging. - 72% of organizations do not detect credential misuse in real time, often taking hours or sometimes days or weeks to identify unauthorized privileged access. - 51% of U.S. cybersecurity decision-makers identify AI-related Non-Human Identity management and security as a top identity governance gap. [Read the full report here.](https://www.keepersecurity.com/en_GB/resources/insight-report-identity-security-at-machine-speed/?ref=cybersecstats.com) ## Workplace Fraud ### Workplace Fraud Trends 2025 (Cifas) A broader report on workplace fraud trends. But we had to include one stat in particular that will be interesting to security pros... **Are your org's credentials for sale?** - 13% of employees say they've sold or know someone who has sold company login details, often under the belief it's harmless. [Read the full report here.](https://www.cifas.org.uk/workplace-fraud-trends-2025?ref=cybersecstats.com) ## Small Business Security ### Fraud, Scams, and Ransomware: Small Businesses React (Public Private Strategies Institute) Interesting report quantifying the real financial losses small American businesses are experiencing as a result of fraud, scams, and ransomware. **Almost three in four hit by something:** - 72% of small businesses experienced fraud, scams, or ransomware last year. - Average losses for small businesses ranged from nearly $60,000 for payment fraud to more than $90,000 for email compromise. - Among small businesses already targeted, 76% say AI was used in the attack. [Read the full report here.](https://www.ppsi.org/insights/fraud-scams-ransomware-survey?ref=cybersecstats.com) ## Industry-Specific ### Law firm trust in technology report (Integris) How much firms are spending on tech and how quickly they're actually putting it to use. **Email breaches all over the place:** - 63% of law firm decision-makers report a significant email-based security breach in the past 12 months. - 83% of law firm clients say a firm's technology sophistication affects their confidence. - 57% of law firms reported a mobile-related breach. [Read the full report here.](https://integrisit.com/blog/how-law-firm-technology-adoption-is-shaping-client-trust-in-2026/?ref=cybersecstats.com) --- For the full documentation index, see https://fmcybersecurity.com/llms.txt For the complete corpus as a single document, see https://fmcybersecurity.com/llms-full.txt