
CyberSecStats #58 - Employees selling credentials, decision-maker cyber priorities, Q1 ransomware stats

This week's CyberSecStats roundup: 30+ stats on ransomware disclosure rates in Q1 2026, AI ROI gaps, credential resale, identity at machine speed, and SMB fraud losses.

This Week’s Cybersecurity Eye-Openers

We’ve pulled 30+ statistics into this newsletter, but if you only have a few seconds to skim it, here are 3 worth thinking about:

1. Most ransomware attacks never get disclosed

Only 1 in 9 ransomware attacks was publicly disclosed in Q1 2026, meaning the vast majority of incidents stay completely hidden from view.

2. Everyone’s using AI, but only a few feel like AI is doing what they hoped

90% of organizations believe employees are using AI, but only 22% say the return on investment has met or exceeded their expectations.

3. Employees sell credentials

72% of organizations don’t detect credential misuse in real time, and more than 1 in 10 employees say they’ve sold company login details or know someone who has.

Big Picture Reports

The State of Agentic Cybersecurity (SimSpace)

If you needed more confirmation that confidence in security outcomes is often misplaced, here it is.

High confidence, low scores:

  • 78% of security leaders report high confidence in their defenses, even though security teams score as low as 30% in Defensive Security Readiness exercises.
  • Only 29% of organizations conduct continuous simulation testing.
  • 73% of organizations are using AI agents in their Security Operations Center at a moderate to high level.

Read the full report here.

A 2026 Snapshot On The State Of Data Security (Capital One)

A look into how decision-maker priorities are shifting. Interestingly, only a minority sees GenAI as a priority right now, but a majority sees it as being important in the next two years.

Over half can’t see their risks:

  • 66% of decision-makers said protecting enterprise data at scale is a security priority over the next 12 months.
  • 52% of leaders are slowed by a lack of automation, nonstandard processes, and siloed decision-making.
  • 34% of decision-makers said GenAI capabilities are paramount to data security today, a figure that increases to 64% as they look two years ahead.

Read the full report here.

The State of Workforce Password Security in 2026 (Zoho)

A look at where password security stands in 2026, with a few obligatory AI-related stats mixed in as well.

Believe it’ll help, but can’t deploy it:

  • 91% of U.S. organizations indicate that AI will strengthen their security posture.
  • Only 9% of U.S. organizations report being ready to deploy AI-powered security today.
  • There is an 82-percentage-point gap between AI belief (91%) and AI deployment readiness (9%) in the U.S.

Read the full report here.

Ransomware

The State of Ransomware Q1 2026 (BlackFog)

Could also be called “the ransomware iceberg.” Stats about ransomware from the first quarter of 2026.

Most attacks stay hidden:

  • Only one in nine global ransomware attacks was publicly disclosed in Q1 2026.
  • There were 2,160 undisclosed ransomware attacks identified in Q1 2026.
  • Data exfiltration occurred in 96% of ransomware attacks in Q1 2026.

Read the full report here.

AI Security & Governance

AI Pulse Survey (Protiviti)

More data points on the reality of AI visibility (i.e., how much orgs know about AI tool use).

Can’t see what employees are using:

  • 47% of large organizations do not have full visibility into employee AI tool usage.
  • 65% of organizations report challenges with shadow AI.
  • Only 40% of organizations have a formal AI governance framework in place.

Read the full report here.

The State of AI in 2026 (ISACA)

Most organizations think employees are using AI, but only 1 in 5 report seeing the ROI they expected.

Everyone’s using it, nobody’s getting returns:

  • 90% believe employees are using artificial intelligence in their organization, but only 22% say AI return on investment has met or exceeded their expectations.
  • Only 38% of digital trust professionals are confident in their board’s understanding of AI risks.
  • 45% of digital trust professionals noted that AI risks are an immediate priority.

Read the full report here.

The State of Application Strategy in 2026 (F5)

The vast majority of organizations are now running their own AI inference operations and coordinating multiple models in production.

AI inference is production work now:

  • 78% of organizations run AI inference themselves.
  • Organizations coordinate an average of seven AI models in production.
  • 88% of organizations have faced AI-related security challenges.

Read the full report here.

Identity & Access Management

Identity at Machine Speed (Keeper Security)

Data about why managing your identity footprint is getting harder.

Most orgs don’t catch credential misuse in real time:

  • 89% of senior IT leaders report that managing the growing identity footprint is challenging.
  • 72% of organizations do not detect credential misuse in real time, often taking hours or sometimes days or weeks to identify unauthorized privileged access.
  • 51% of U.S. cybersecurity decision-makers identify AI-related Non-Human Identity management and security as a top identity governance gap.

Read the full report here.

Workplace Fraud

A broader report on workplace fraud trends. But we had to include one stat in particular that will be interesting to security pros…

Are your org’s credentials for sale?

  • 13% of employees say they’ve sold or know someone who has sold company login details, often under the belief it’s harmless.

Read the full report here.

Small Business Security

Fraud, Scams, and Ransomware: Small Businesses React (Public Private Strategies Institute)

Interesting report quantifying the real financial losses small American businesses are experiencing as a result of fraud, scams, and ransomware.

Almost three in four hit by something:

  • 72% of small businesses experienced fraud, scams, or ransomware last year.
  • Average losses for small businesses ranged from nearly $60,000 for payment fraud to more than $90,000 for email compromise.
  • Among small businesses already targeted, 76% say AI was used in the attack.

Read the full report here.

Industry-Specific

Law firm trust in technology report (Integris)

How much firms are spending on tech and how quickly they’re actually putting it to use.

Email breaches all over the place:

  • 63% of law firm decision-makers report a significant email-based security breach in the past 12 months.
  • 83% of law firm clients say a firm’s technology sophistication affects their confidence.
  • 57% of law firms reported a mobile-related breach.

Read the full report here.
