# CyberSecStats #59 - 93% use AI agents for sensitive tasks, MySQL exposure, and when compliance cancels work

> This week's CyberSecStats roundup: 30+ stats on AI agents accessing data beyond scope, ransomware recovery times, identity breaches, MySQL exposure, and the exception economy.

Source: https://fmcybersecurity.com/en/insights/strategy/cybersecstats-59/

## Metadata

- Date: 2026-05-19
- Author: fredrik-standahl
- Topic: strategy
- Format: news
- Scope: international

## This Week's Cybersecurity Eye-Openers

This week's newsletter carries 30+ statistics. If you only have a minute to skim, here are three worth thinking about.

**1. AI agents are already touching data they shouldn't**

67% of organizations using AI agents suspect those agents have already accessed data beyond their intended scope. Only 7% believe their controls would prevent a compromised agent from operating.

**2. Most CISOs would consider paying the ransom**

58% of cybersecurity leaders would consider paying cybercriminals to end a ransomware attack. Not a single CISO in the survey could recover from ransomware within a day.

**3. Identity breaches hit most organizations**

71% of organizations suffered at least one identity-related breach in the past year. Mean recovery cost reached $1.64 million, with a median of $750,000.

## Big Picture Reports

### Quarterly Threat Report, Q1 2026 (Beazley Security)

Q1 2026 saw double-digit growth in exploitation activity. Exploited vulnerabilities went up. Compromised credentials drove most ransomware intrusions.

**Big jump in exploitation:**

- Exploited vulnerabilities rose 43% in the first three months of 2026.
- Vulnerabilities added to CISA's Known Exploited Vulnerabilities catalog increased 43% in Q1 2026 compared with Q4 2025.
- Compromised credentials accounted for 74% of ransomware intrusions observed by Beazley Security investigators in Q1 2026.

[Read the full report here.](https://beazley.security/insights/quarterly-threat-report-first-quarter-2026)

### The Exception Economy Report (Replica Cyber)

Every organization grants security exceptions to keep the business moving. Some kill the project entirely when the security cost is too high.

**Everyone makes exceptions:**

- 100% of organizations grant security or compliance exceptions to allow high-risk digital work to proceed.
- 39% of organizations delay or cancel market expansion, product launches, M&A, or AI deployment because the work cannot be conducted securely.
- 20% of high-risk digital work is canceled outright due to exposure or compliance constraints.

[Read the full report here.](https://replicacyber.com/the-exception-economy/?ref=cybersecstats.com)

### 2026 ASM Index (Intruder)

Databases and admin panels keep ending up on the public internet. Most of it by accident.

**Databases exposed everywhere:**

- 26% of organizations leave MySQL databases exposed to the internet.
- More than 1 in 7 organizations expose API documentation to the internet.
- 49% of organizations expose risky ports and services.

[Read the full report here.](https://www.intruder.io/blog/attack-surface-exposures?ref=cybersecstats.com)

## AI Security

### 2026 State of AI Agent Identity Security (Akeyless)

AI agents are running with more access than they should have, and most organizations cannot tell when one is compromised.

**Already accessing unauthorized data:**

- 67% of organizations using AI agents suspect those agents have already accessed data beyond their intended scope.
- It takes an average of 14 hours to detect a compromised AI agent.
- Only 7% of organizations believe their controls would prevent a compromised agent from operating.

[Read the full report here.](https://www.akeyless.io/ebooks/state-of-ai-agent-identity-security-report/?ref=cybersecstats.com)

### Human Behavior, the AI Risk Surface GRC Can't Ignore (Optro)

AI-enabled attacks are climbing. Most organizations cannot see, catalog, or block the AI tools their employees are using.

**Can't see it, can't block it:**

- 82% of IT, security, audit, and GRC professionals report an increase in AI-enabled attacks over the last 12 months.
- Only 34% of organizations maintain a formal AI model inventory.
- Only 18% of organizations automatically block unauthorized AI domains.

[Read the full report here.](https://optro.ai/resources/ebook/human-behavior-the-ai-risk-surface-grc-cant-ignore?ref=cybersecstats.com)

### 2026 Global AI Report, A Playbook for Private and Sovereign AI (NTT Data)

Most organizations call private and sovereign AI a priority. Few have moved past the slide deck.

**Everyone says it matters, few are doing it:**

- More than 95% of organizations say private and sovereign AI are important.
- Only 29% of organizations are prioritizing sovereign AI in a concrete, near-term way.
- More than half of organizations cite integration complexity as their top challenge.

[Read the full report here.](https://services.global.ntt/en-us/campaigns/2026-global-ai-report-private-and-sovereign-ai-playbook?ref=cybersecstats.com)

### The State of Identity Security in the AI Era (Semperis)

Organizations are handing AI agents the keys: password resets, VPN access, SSH and encryption keys on local machines. Very few are confident they could get the keys back.

**Handing it over:**

- 93% of organizations already use or plan to use AI agents for sensitive security tasks such as password resets and VPN access.
- Only 32% of organizations globally are very confident they could regain control if AI exposes admin credentials.
- 92% of organizations have AI installed on at least some local machines with access to SSH and encryption keys.

[Read the full report here.](https://www.semperis.com/the-state-of-identity-security-in-the-AI-era/?ref=cybersecstats.com)

## Ransomware

### The Resilient CISO, the Ransomware Reality (Absolute Security)

Useful benchmark for ransomware readiness. The numbers also explain why so many leaders quietly say they would pay.

**Nobody recovers in a day:**

- 58% of cybersecurity leaders would consider paying cybercriminals to end a ransomware attack.
- 57% of CISOs report taking as long as six days to recover from a ransomware attack.
- No CISOs report the ability to recover from ransomware within a day.

[Read the full report here.](https://www.absolute.com/ebook/the-resilient-ciso-ransomware-reality?ref=cybersecstats.com)

## Email Security

### 2026 Email Threats Report (Barracuda)

Email remains the dominant attack channel. Account takeover is no longer a rare event.

**Email is still the front door:**

- One in three email messages is malicious or unwanted spam.
- 48% of malicious email activity is phishing.
- 34% of companies experience at least one account takeover incident every month.

[Read the full report here.](https://www.barracuda.com/reports/2026-email-threats-report?ref=cybersecstats.com)

## Identity Security

### The State of Identity Security 2026 (Sophos)

Identity-related breaches now hit most organizations. They are also expensive to clean up.

**Identity breaches are everywhere:**

- 71% of organizations suffered at least one identity-related breach in the past year.
- 67% of ransomware victims confirmed their ransomware incident stemmed from an identity attack.
- Mean recovery cost for identity-related incidents reached $1.64 million, with a median of $750,000.

[Read the full report here.](https://www.sophos.com/en-us/resources/report/the-state-of-identity-security-2026?ref=cybersecstats.com)

### 2026 Identity Security Landscape (Palo Alto Networks)

AI agents are now everywhere, and identity-related breaches are too. The correlation is not subtle.

**Machine identities are the new perimeter:**

- 99% of respondents say their organization already uses AI agents.
- 90% of organizations report a successful identity-related breach in the last 12 months, with 83% seeing it happen at least twice.
- Over the next 12 months, organizations expect AI agents to grow by 85% and machine identities by 77%, compared to 56% growth in human identities.

[Read the full report here.](https://www.paloaltonetworks.com/idira/idira-identity-security-landscape?ref=cybersecstats.com)

## Consumer Scams

### Scam Intelligence and Impacts Report 2026 (F-Secure)

Consumers are hit constantly. The share who lose money has doubled in a year.

**Loss rates doubled:**

- 56% of consumers encounter scam attempts at least monthly.
- 52% of scam victims lose money, more than twice the 2025 rate.
- Nearly 40 million U.S. consumers report being scam victims in the past year.

[Read the full report here.](https://www.f-secure.com/en/partners/insights/scam-intelligence-and-impacts-report-2026?ref=cybersecstats.com)

### Fraud in America Has Diverged by Generation (Abrigo)

Younger Americans worry about deepfakes and peer-to-peer scams. Older Americans worry about impersonation. Both age groups are right.

**Different generations, different threats:**

- 1 in 5 Americans experienced bank fraud in the past 12 months.
- More than half of Americans under 35 are concerned about deepfake scams.
- Over 60% of Americans over 55 are concerned about impersonation scams.

[Read the full report here.](https://www.abrigo.com/news/fraud-in-america-has-diverged-into-two-distinct-challenges-across-age-groups-new-abrigo-survey-finds/?ref=cybersecstats.com)

## Middle Market Security

### US Middle Market Business Index Special Report, Cybersecurity 2026 (RSM)

Mid-market executives sound very confident, even though one in four was hit by ransomware this year. Cyber spending growth is also slowing.

**Confidence high, governance lagging:**

- 96% of middle-market executives express confidence in their cybersecurity posture.
- Nearly 1 in 4 middle-market organizations reported a ransomware attack or ransom demand in the past year.
- 81% of middle-market organizations plan to increase cybersecurity spending in the year ahead, down from 91% the previous year.

[Read the full report here.](https://rsmus.com/middle-market/cybersecurity-mmbi.html?ref=cybersecstats.com)

## Industry-Specific

### Operational Technology Faces Heightened Cyber Risk (NCC Group)

Hard data on what the industrial sector absorbed last year. Ransomware operators are not slowing down on capital goods and industrial targets.

**Industrials under attack:**

- Industrial organizations accounted for an average of 29.6% of all ransomware activity in the 12 months from March 2025.
- Industrial organizations experienced 2,073 ransomware attacks in that 12-month window.
- Capital goods organizations alone experienced 1,192 ransomware attacks in the same period.

[Read the full report here.](https://www.nccgroup.com/newsroom/operational-technology-faces-heightened-cyber-risk-with-the-industrials-sector-experiencing-thousands-of-attacks-per-year-warns-ncc-group/?ref=cybersecstats.com)

### 2026 Financial Services Threat Landscape Report (CrowdStrike)

North Korean groups had a strong year stealing digital assets. Financial services saw a sharp rise in hands-on-keyboard intrusions over the past two years.

**DPRK-nexus actors stole big:**

- DPRK-nexus actors drove a 51% year-over-year increase in digital asset theft in 2025.
- 423 financial services organizations appeared on dedicated leak sites, a 27% year-over-year increase.
- Hands-on-keyboard intrusions against financial institutions spiked 43% globally and 48% in North America over the past two years.

[Read the full report here.](https://www.crowdstrike.com/en-us/resources/reports/crowdstrike-2026-financial-services-threat-landscape-report/?ref=cybersecstats.com)

## Regional Spotlight

### Cyber Security Sectoral Analysis 2026 (Department for Science, Innovation and Technology, UK)

The UK cyber sector keeps expanding: more firms, more revenue, more jobs.

**UK sector growing:**

- 2,603 firms are now active in UK cyber security, an increase of 438 firms (20%) from 2,165.
- Total annual revenue in the UK cyber security sector reached £14.7 billion, a nominal rise of about 11% on the previous year.
- Approximately 69,600 full-time equivalent employees work in cyber security roles across UK firms, an increase of about 2,300 jobs (3%) in the last 12 months.

[Read the full report here.](https://www.gov.uk/government/publications/cyber-security-sectoral-analysis-2026/cyber-security-sectoral-analysis-2026?ref=cybersecstats.com)

