A report from Picus Security reveals that enterprise passwords have become increasingly vulnerable in the past year, with 46% of environments yielding at least one cracked password hash, up from 25% in the previous year.
Drawing on more than 160 million real-world attack simulations, the research found that cyber defense effectiveness is declining while cyberattacks continue to evolve. In environments with at least one cracked password hash, a mere 3% were able to prevent data exfiltration, a decrease from 9% in the previous year.
Meanwhile, ransomware remains a concern in the modern landscape, with certain strains being more difficult for organizations to combat, such as:
- BlackByte, with a prevention rate of 26%
- BabLock at 34%
- Maori at 41%
When cyberattacks leveraged valid credentials, the attacks were successful 98% of the time.
Prevention effectiveness declined over the past year from 69% in 2024 to 62% in 2025. Furthermore, 14% of attacks generated alerts, suggesting that a majority of attacks go under the radar.
Source: Security Magazine