Picus Security Report Flags Weakening Cyber Defenses

Picus Security’s Blue Report 2025 reveals a sharp decline in defensive effectiveness against cyberattacks, with password cracks, stolen credentials and data theft attempts succeeding at alarmingly high rates.
Aug. 12, 2025

Picus Security has released the 2025 edition of its Blue Report, which is based on more than 160 million real-world attack simulations. Now in its third year, the report offers a data-driven assessment of security control performance against current threats and describes this year’s findings as the most concerning to date.

According to the report, while cyberattacks continue to grow in both volume and sophistication, defensive effectiveness is declining. In 46% of tested environments, at least one password hash was cracked, and data exfiltration attempts were stopped only 3% of the time, down from 9% in 2024. Picus notes that infostealer malware has tripled in prevalence and that attackers are increasingly bypassing defenses using valid logins.

“We must operate under the assumption that adversaries already have access,” said Dr. Süleyman Ozarslan, co-founder of Picus Security and vice president of Picus Labs. “An ‘assume breach’ mindset pushes organizations to detect the misuse of valid credentials faster, contain threats quickly, and limit lateral movement, which requires continuous validation of identity controls and stronger behavioral detection.”

Key findings from the Blue Report 2025 include:

  • Passwords cracked in nearly half of environments: In 46% of tested environments, at least one password hash was cracked, up from 25% in 2024.

  • Stolen credentials are highly effective: Attacks using valid credentials succeeded 98% of the time.

  • Low prevention of data theft: Only 3% of data exfiltration attempts were blocked, compared with 9% in 2024.

  • Ransomware strains remain difficult to stop: BlackByte had a prevention effectiveness rate of 26%, followed by BabLock at 34% and Maori at 41%.

  • Early detection remains a gap: Prevention effectiveness for discovery techniques such as System Network Configuration Discovery and Process Discovery scored below 12%.

The report also found that overall prevention effectiveness declined from 69% in 2024 to 62% in 2025, reversing last year’s gains. While logging coverage held steady at 54%, only 14% of attacks generated alerts. Picus cites detection rule configuration issues, logging gaps and system integration problems as factors undermining visibility.

Findings in the report are based on millions of simulated attacks executed by Picus Security customers between January and June 2025. The simulations were conducted in live production environments using the company’s Security Validation Platform and analyzed by the Picus Labs and Picus Data Science teams.
