New 2026 Global Incident Response Report from Unit 42

Unit 42 has published its annual Global Incident Response Report (full report available here). The report spotlights key trends from over 750 major cyber incidents managed by Unit 42 across 50 countries, and provides actionable guidance to defend against emerging and notable attack techniques.

Key data from this year’s report:

  • AI has become a force multiplier for threat actors – Attackers moved from AI experimentation to operationalization. Unit 42 saw that with AI, the time to exfiltration in the fastest attacks fell from nearly 5 hours to just 72 minutes (roughly 4x faster).
  • Identity drives initial access – Identity weaknesses played a material role in nearly 90% of our investigations. Agentic identity management makes this challenge even more complex, as non-human identities are often over-privileged and inconsistently monitored. 65% of initial access is driven by identity-based techniques such as social engineering, while vulnerabilities account for 22% of initial access in all attacks.
  • Software supply chain risk now includes the misuse of trusted connectivity – Attacks involving third-party SaaS applications have surged 3.8x since 2022, accounting for 23% of all attacks, as threat actors abuse OAuth tokens and API keys for lateral movement.
  • Attack complexity is increasing – 87% of intrusions span multiple attack surfaces, with as many as 10 in some complex investigations. Threats are rarely confined to a single environment, and attackers often coordinate actions across endpoints, networks, cloud services, SaaS platforms, and identity systems. This creates complexity by forcing defenders to keep visibility across all of these areas simultaneously.
  • The browser is a primary battleground – Nearly 48% of incidents included browser-based activity. That reflects how often modern attacks intersect with routine workflows like email, web access, and day-to-day SaaS use, turning normal user behavior into an attack vector.
  • Extortion is moving beyond encryption – Encryption-based extortion declined to 78% of incidents, down from 92% the year before, as more attackers skip encryption and move straight to data theft and disruption. From the attacker’s perspective, it’s faster, quieter, and creates immediate pressure without the signals defenders once relied on to detect ransomware attacks.

Additionally, Palo Alto Networks announced Managed XSIAM 2.0 (MSIAM), the managed evolution of the Cortex XSIAM SOC transformation platform. As the Incident Response Report highlights, attacks can now unfold in under an hour, and MSIAM delivers 24/7 AI-driven SOC operations with continuous, high-speed threat hunting, response, and remediation.
