I’ve got some other security data for you.
The EasyDMARC 2025 DMARC Adoption Report reveals significant advancements in email security, highlighting a dramatic increase in DMARC adoption among top domains, which surged from 27.2% to 47.7% between 2023 and 2025. This 75% rise in protected domains reflects a growing awareness of the importance of enforcement policies, with those employing quarantine and reject policies increasing by 50%. The report, based on comprehensive data sources including an analysis of phishing attack patterns and insights from a survey of 980 IT professionals, demonstrates a clear link between national DMARC policies and phishing attack success rates. For example, the United States saw a reduction in successful phishing delivery from 69% to 14% due to mandatory DMARC requirements, while countries without such mandates like the Netherlands experienced a vulnerability increase to 97%.
Cybersecurity professionals are facing significant challenges due to the rapid proliferation of generative artificial intelligence applications, which have led to a sharp increase in data security incidents. According to a report from Palo Alto Networks, incidents related to data loss prevention more than doubled in early 2025, with generative AI-related security incidents now accounting for 14% of all data security incidents across Software as a Service traffic. Organizations are struggling to manage approximately 66 generative AI applications on average, with 10% of these classified as high risk. The lack of visibility into AI usage, often referred to as shadow AI, complicates monitoring and controlling these tools. Experts warn that the use of unvetted generative AI tools can expose companies to data loss, phishing scams, and compliance risks, necessitating tighter security measures and the implementation of a zero trust security framework to mitigate these threats.
Why do we care?
The old threats (email-based phishing) are finally being beaten back—but only where enforced and properly implemented. The new frontier (AI-fueled sprawl) is outpacing defenses because it’s poorly governed, often invisible, and quickly evolving.
For IT providers, this is a cue to double down on two fronts:
- Capitalize on foundational wins (like DMARC) by expanding into managed policy enforcement, reporting, and compliance documentation.
- Establish new services around shadow AI discovery and risk containment—this is the next “security stack” opportunity.
Security has always been a moving target. In 2025, the target isn’t just moving—it’s multiplying. The providers who can track, measure, and control both legacy and emerging risks will define the next wave of strategic cybersecurity services.