London – On Wednesday 26 March, 2025, Horizon3.ai, a global leader in offensive security, released its highly anticipated 2025 Cybersecurity Insights Report. The report, distributed by pressat.co.uk, was compiled by Vice President for EMEA Keith Poyser and offers groundbreaking analysis based on real-world cyberattack techniques conducted at organisations across the globe.
Poyser stated, “This report offers a groundbreaking analysis based on real-world cyberattack techniques conducted at organisations across the globe, delivering invaluable insights.”
The report reveals common security gaps that organisations struggle to close. By analysing exploit trends from 50,000 NodeZero® autonomous security tests run in 2024, along with insights from a survey sample of nearly 800 security leaders and practitioners, the report presents clear evidence of how current security strategies are failing, and what organisations must change to stay ahead of evolving threats.
Horizon3.ai defines offensive security as using real-world attacker techniques to identify and exploit weaknesses across IT environments, proving what’s truly at risk. Unlike passive security, which relies on layered defences with unverified effectiveness, NodeZero autonomously conducts safe, full-scale tests that demonstrate exactly how attackers could compromise critical systems. The result: clear, actionable proof that enables teams to find, fix, and verify vulnerabilities before adversaries strike.
Horizon3.ai highlights key findings from the report. Although 98% of organisations use vulnerability scanning, only 34% find it highly effective, because false positives hinder teams from focusing on real risks. The report also reveals that credential-based attacks remain a major risk: NodeZero successfully performed credential dumping in over 28,000 cases, demonstrating the widespread risk of weak credential practices and policies.
The report also uncovers that over half of practitioners (53%) and more than a third of security leaders (36%) admit to delaying patches due to operational constraints, leaving critical vulnerabilities open. Furthermore, NodeZero exploited 229 known vulnerabilities nearly 100,000 times in customer environments, demonstrating that many organisations struggle to remediate even widely recognized threats.
Snehal Antani, CEO & Co-Founder of Horizon3.ai, stated, “Security isn’t about reacting – it’s about outpacing your adversary. Too many organisations still confuse compliance for security, falling back on outdated assumptions and annual testing cycles. This report shows what modern defenders already know: you have to think like an attacker, validate like an operator, and build a security program that stands up to real-world pressure.”
The report also reveals that across nine key themes, organisations continue to rely on point-in-time testing, noisy tools, and risk models built on assumptions rather than proof. Each section exposes a recurring failure, from vulnerability overload and delayed patching to ineffective pentests, cloud misconfigurations, and especially credential weaknesses. The report emphasises that fixing these issues requires more than remediation; it demands continuous visibility into identity, access, and privilege exposure.
Stephen Gates, Principal Security SME at Horizon3.ai, stated, “This report is a reality check for security teams. It doesn’t just highlight where defences are failing; it points to a better path forward. If you’re still relying on assumptions, static tools, or annual tests, this data makes it clear: it’s time to evolve. Offensive security isn’t a nice-to-have; it’s the strategy that separates the resilient from the exposed.”
The State of Cybersecurity in 2025: Data-Driven Insights from Over 50,000 NodeZero® Pentests is available now. The report explores the root causes behind today’s most persistent security failures and shows how an offense-driven approach is helping organisations finally close the gaps attackers rely on. Interested parties can download the full report today.
About Horizon3.AI and NodeZero: Horizon3.ai provides a cloud-based platform, NodeZero, enabling organisations and public authorities to run production-safe self-attacks on their IT infrastructure to assess their cyber resilience through penetration testing (pentesting). The platform offers affordable, regular autonomous pentesting, making it accessible to organisations ranging from small and mid-sized businesses to large enterprises. Horizon3.ai continuously monitors the cybercrime landscape to ensure that newly discovered vulnerabilities are swiftly integrated into the cloud system. NodeZero not only identifies security flaws but also offers tailored recommendations for remediation. Through this platform, Horizon3.ai helps organisations meet rising regulatory demands for cyber resilience in Governance, Risk & Compliance (GRC), with guidelines recommending an internal self-attack at least once a week.
Trademark Notice: NodeZero is a registered trademark of Horizon3.ai.
Further information: Horizon3.AI Europe GmbH, Prielmayerstrasse 3, 80335 Munich, Web: www.horizon3.ai
PR Agency: euromarcom public relations GmbH, www.euromarcom.de, team@euromarcom.de