# CyberSecStats #49 - Life of a CISO in 2026, saying no to ransom demands, European cyber trends and third-party knock-on effects

> CyberSecStats #49: 86% refuse ransom payments, 90 zero-days exploited in 2025, third-party breaches cascading to 5.28 victims per vendor, deepfake voice calls everywhere.

Source: https://fmcybersecurity.com/en/insights/strategy/cybersecstats-49/
Locale: English
Other locale: https://fmcybersecurity.com/insights/strategy/cybersecstats-49/

## Metadata

- Date: 2026-03-10
- Author: fredrik-standahl
- Topic: strategy
- Format: news
- Scope: international

## This Week's Cybersecurity Eye-Openers

Three takeaways from this week's data.

**1. Most companies refused to pay ransoms**

A record 86% of businesses refused to pay ransom demands in 2025, even as initial ransom demands surged 47% year over year.

**2. 90 zero-days exploited in the wild**

Google Threat Intelligence Group tracked 90 zero-day vulnerabilities exploited in the wild in 2025. 48% targeted enterprise-grade technology, and operating systems accounted for 44% of all zero-days.

**3. Third-party breaches keep cascading**

The average number of downstream breach victims per vendor rose from 2.46 in 2021 to 5.28 in 2025, with 433 million people impacted by third-party breaches.

## Big Picture Reports

### The State of Human Risk 2026 (Mimecast)

Nearly every organization surveyed acknowledges that it cannot fully protect against attacks aimed at its people.

**The human vulnerability:**

- 96% of organizations admit they have incomplete protection against human risk.
- 69% see AI-driven attacks as inevitable within 12 months.
- 71% expect negative business impact from attacks via Slack, Teams, Zoom, and similar platforms in 2026.

[Read the full report here.](https://www.mimecast.com/resources/ebooks/state-of-human-risk/?ref=cybersecstats.com)

### 2026 Cyber Claims Report (Coalition)

Businesses are calling ransomware operators' bluff. Refusal rates hit record highs.

**The ransom refusal:**

- A record 86% of businesses refused to pay ransom demands.
- Initial ransom demands surged 47% year over year in 2025.
- Ransomware was the most costly type of cyber claim in 2025, with an average loss of $269,000.

[Read the full report here.](https://www.coalitioninc.com/claims-report/2026?ref=cybersecstats.com)

## Third-Party and Supply Chain Risk

### 2026 Third-Party Breach Report (Black Kite)

A single vendor breach now ripples through more than five downstream organizations on average.

**The cascade effect:**

- Average downstream breach victims per vendor rose from 2.46 in 2021 to 5.28 in 2025.
- Publicly disclosed third-party breaches impacted 433 million people.
- The average disclosure window worsened from 76 days in 2024 to 117 days in 2025.

[Read the full report here.](https://blackkite.com/report/2026-third-party-breach-report/?ref=cybersecstats.com)

### Beyond the Black Box (Manifest)

Organizations are generating SBOMs, but most are not using them to manage security.

**The SBOM gap:**

- 60% of organizations generate SBOMs.
- More than half of organizations that generate SBOMs are not consuming or managing them in practice.
- 63% of organizations acknowledge that there is shadow AI within their organization.

[Read the full report here.](https://www.manifestcyber.com/beyond-the-black-box-ai-report?ref=cybersecstats.com)

## AI

### AI-Augmented Cybersecurity Performance Data (Hack The Box)

AI augmentation is delivering measurable productivity gains for cybersecurity teams.

**The AI advantage:**

- AI-augmented teams improve the solve rate for cybersecurity challenges by 70% within the same time window.
- AI advantage peaks at 3.89x for mid-level operators on medium-difficulty cybersecurity tasks.
- AI-augmented teams achieve a 27% solve rate for cybersecurity challenges, versus 16% for top human-only teams.

[Read the full report here.](https://www.hackthebox.com/ai-augmented-cyber-workforce-report?ref=cybersecstats.com)

## Cybersecurity Workforce

### 2026 CISO-Board Engagement (IANS, Artico Search, and The CAP Group)

CISOs are getting more board time, but the quality of strategic dialogue remains inconsistent.

**The engagement gap:**

- 95% of CISOs provide regular updates to the board.
- Only 30% of boards describe their relationship with the CISO as strong and collaborative.
- 53% of boards indicate that reporting on the impact of evolving threats needs improvement.

[Read the full report here.](https://www.iansresearch.com/resources/ians-board-relationships-report?ref=cybersecstats.com)

### The 2026 State of the Cybersecurity Workforce Report (Seemplicity)

Cybersecurity leaders are working what amounts to a sixth day every week as AI reshapes their role.

**The burnout signal:**

- 45% of U.S.-based cybersecurity leaders work 11 or more extra hours per week, and 20% work 16 or more extra hours per week.
- 44% say their role feels emotionally exhausting more often than rewarding.
- Despite this, 94% would still choose cybersecurity as a career.

[Read the full report here.](https://seemplicity.ai/papers/2026-state-cybersecurity-workforce-report/?ref=cybersecstats.com)

### Pentester Profile Report (Cobalt)

Professional penetration testers prefer structured testing over bounty programs for finding serious vulnerabilities.

**The testing model divide:**

- 58% of professional pentesters rank PTaaS (penetration testing as a service) as the most effective model for uncovering complex vulnerabilities.
- Only 15% rank public bug bounties as the most effective way to uncover complex vulnerabilities.
- 30% of all bug bounty submissions are invalid or low-value noise.

[Read the full report here.](https://resource.cobalt.io/pentester-profile-report?ref=cybersecstats.com)

## Zero-Day Vulnerabilities

### 2025 Zero-Days in Review (Google Threat Intelligence)

Zero-day exploitation patterns are shifting toward enterprise-grade technology and operating systems.

**The zero-day picture:**

- Google Threat Intelligence Group tracked 90 zero-day vulnerabilities exploited in the wild in 2025.
- 48% of 2025's zero-days targeted enterprise-grade technology.
- Operating systems, both desktop and mobile, were the most exploited product category, accounting for 44% of all zero-days.

[Read the full report here.](https://cloud.google.com/blog/topics/threat-intelligence/2025-zero-day-review?ref=cybersecstats.com)

## Industrial Security

### The State of Industrial Remote Access 2026 (Secomea)

Industrial organizations are overconfident about their remote access security as vendor risks multiply.

**The remote access blind spot:**

- Only 43% of organizations in manufacturing and critical infrastructure report full audit trails of vendor sessions.
- Where IT/OT alignment weakens, vendor-related incident exposure nearly triples.
- Organizations managing 21 to 100 external vendors report the highest incident exposure levels.

[Read the full report here.](https://secomea.com/guides/the-state-of-industrial-remote-access/?ref=cybersecstats.com)

### 2026 State of Industrial AI Report (Cisco)

Cybersecurity concerns are holding back AI adoption in industrial sectors, even as most organizations expect AI to improve their security posture.

**The industrial AI paradox:**

- 40% of organizations in industrial sectors cite cybersecurity concerns as a top obstacle to AI adoption.
- 48% identify security as their biggest networking challenge.
- 85% expect AI to improve their cybersecurity posture.

[Read the full report here.](https://www.cisco.com/site/us/en/solutions/networking/industrial-iot/industrial-networking-report/index.html?ref=cybersecstats.com)

## Consumer Scams and Fraud

### State of the Call (Hiya)

Deepfake voice technology has moved from theoretical threat to everyday reality for Americans.

**The deepfake voice picture:**

- One in four Americans has received a deepfake voice call in the past 12 months.
- 24% of Americans are not sure they could tell the difference between a deepfake voice call and a real call.
- About 49% of Americans have either received an AI voice deepfake call or cannot distinguish one from a real call.

[Read the full report here.](https://www.hiya.com/en-gb/state-of-the-call?ref=cybersecstats.com)

### How E-Commerce Scams are Shaping Consumer Behavior (Clutch)

Online shopping scams have become so prevalent that they are changing how consumers make purchasing decisions.

**The e-commerce scam picture:**

- 71% of consumers have encountered a scam or attempted scam while shopping online.
- 92% of consumers say they are concerned about the influence online scams have on their purchasing decisions.
- 58% of consumers report seeing a fake ad impersonating a well-known brand.

[Read the full report here.](https://clutch.co/resources/ecom-scams-survey?ref=cybersecstats.com)

### Tax Scams Hit Nearly 1 in 4 Adults (McAfee)

Tax season is prime time for scammers targeting confused and anxious filers.

**The tax scam surge:**

- Nearly 1 in 4 Americans (23%) have fallen victim to a tax scam.
- Only 29% of Americans feel very confident they could recognize a tax scam.
- Nearly 1 in 5 Americans say they have lost money to a tax scam, with victims losing an average of $1,020.

[Read the full report here.](https://www.mcafee.com/blogs/security-news/tax-season-scams-2026-red-flags-irs-impersonation/?ref=cybersecstats.com)

## Industry-Specific

### 2026 Healthcare Email Security Report (Paubox)

Healthcare organizations are being breached through email systems with basic misconfigurations that should have been caught years ago.

**The email security gap:**

- 56% of breached healthcare organizations had permissive or missing SPF records: 9% published no SPF record at all, and 46% used a soft-fail policy (a record ending in "~all", which only asks receivers to mark unauthorized mail rather than reject it as "-all" does).
- 41% of breached healthcare organizations fell into a high-risk category based on their email configuration, up from 31% in 2024.
- 53% of email-related healthcare breaches occurred on Microsoft 365.

[Read the full report here.](https://www.paubox.com/resources/the-2026-healthcare-email-security-report?utm_campaign=39343925-LGN.202602.CyberSecStats&utm_source=css&utm_content=emailsecurityreport)
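As an added check (not code from the Paubox report or from Paubox), here is a small Python classifier that sorts a domain's TXT records into the same buckets the report uses (missing, soft fail, hard fail) plus the other outcomes RFC 7208 allows: a neutral or "+all" record, a redirect to another domain, and the permanent error caused by publishing two SPF records. The domain names and records are constructed for illustration; in practice you would replace the inline dictionary with the strings returned by a resolver such as dnspython's `dns.resolver.resolve(domain, "TXT")`.

```python
"""Classify a domain's SPF posture from its TXT records (added example, not report code).

The sample records below are constructed; in production, fetch them with a resolver
(e.g. dnspython: dns.resolver.resolve(domain, "TXT")) instead of reading this dict.
"""
from collections import Counter

# Constructed sample TXT record sets for hypothetical domains (not data from the report).
SAMPLE_TXT = {
    "clinic-a.example": ["v=spf1 include:spf.protection.outlook.com -all"],  # hard fail
    "clinic-b.example": ["v=spf1 include:spf.protection.outlook.com ~all"],  # soft fail
    "clinic-c.example": ["google-site-verification=abc123"],                  # no SPF record at all
    "clinic-d.example": ["v=spf1 ip4:203.0.113.0/24 +all"],                   # anyone may send
    "clinic-e.example": ["v=spf1 redirect=_spf.clinic-a.example"],            # delegated elsewhere
    "clinic-f.example": ["v=spf1 a -all", "v=spf1 mx -all"],                  # two records: permerror
}

# Qualifier on the terminal 'all' mechanism -> posture label.
ALL_RESULTS = {"-": "hardfail", "~": "softfail", "?": "neutral", "+": "pass-all"}


def spf_records(txt_records):
    """Return only the TXT strings that are SPF records (version tag 'v=spf1', RFC 7208 4.5)."""
    return [r for r in txt_records
            if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]


def classify_spf(txt_records):
    """Map a domain's TXT records to one posture label.

    hardfail  - terminal '-all': receivers reject unauthorized senders
    softfail  - terminal '~all': unauthorized mail is only marked (the report's "soft fail")
    neutral   - '?all', or no 'all' mechanism and no redirect (RFC 7208 default result)
    pass-all  - '+all' or bare 'all': every sender is authorized, SPF is effectively disabled
    redirect  - evaluation is delegated; resolve the redirect target to learn the real result
    permerror - more than one SPF record; receivers treat this as an error, not a pass or fail
    missing   - no SPF record published
    """
    spf = spf_records(txt_records)
    if not spf:
        return "missing"
    if len(spf) > 1:
        return "permerror"
    terms = spf[0].split()[1:]
    # An 'all' mechanism decides the result wherever it sits, and RFC 7208 says any
    # redirect= modifier must be ignored when an 'all' mechanism is present.
    for term in terms:
        qualifier, mech = "+", term
        if term[0] in "+-~?":
            qualifier, mech = term[0], term[1:]
        if mech.lower() == "all":
            return ALL_RESULTS[qualifier]
    if any(t.lower().startswith("redirect=") for t in terms):
        return "redirect"
    return "neutral"


def enforces_rejection(result):
    """True only when a receiver following the record will reject unauthorized senders."""
    return result == "hardfail"


def posture_summary(domains):
    """Count posture labels across a set of domains, mirroring the report's breakdown."""
    return Counter(classify_spf(records) for records in domains.values())


if __name__ == "__main__":
    for domain, records in SAMPLE_TXT.items():
        result = classify_spf(records)
        flag = "ok" if enforces_rejection(result) else "REVIEW"
        print(f"{domain:20} {result:10} {flag}")
    print(dict(posture_summary(SAMPLE_TXT)))
```

Only the hard-fail domain passes the check. A soft-fail record is the common compromise people leave in place after migrating to a hosted mail platform because it will not bounce legitimate mail from a forgotten sender, but it also gives spoofed messages a free pass to the inbox, which is the exposure the report's 46% figure describes. The "redirect" and "permerror" outcomes are worth surfacing separately: the first needs a second lookup before you can judge it, and the second means receivers will discard SPF altogether even though the domain owner believes two strict records are in place.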

### Banking Trust and Technology Report (Integris)

Banks are preparing for sizable technology investments.

**The banking security picture:**

- 51% of banking executives report a sizable email-based breach in the past year.
- 50% report a mobile-related breach in the past year.
- 45% expect technology budgets to increase by 40% or more, with some projecting 50 to 80% growth.

[Read the full report here.](https://integrisit.com/lp/2026-banking-report/?ref=cybersecstats.com)

## Regional Spotlight

### European Cyber Report 2026 (Link11)

DDoS attacks have become a near-constant threat, with organizations under attack most days of the year.

**The relentless assault:**

- The longest recorded DDoS attack lasted 12,388 minutes (over eight days).
- On average, 2.8 follow-up DDoS attacks occurred after an initial incident, an 80% increase compared to the previous year.
- The number of documented DDoS attacks in the Link11 network rose by 75% in 2025, after a 137% increase the previous year.

[Read the full report here.](https://www.link11.com/en/european-cyber-report/?ref=cybersecstats.com)

---

For the full documentation index, see https://fmcybersecurity.com/llms.txt
For the complete corpus as a single document, see https://fmcybersecurity.com/llms-full.txt
