Appendix A: AI Risk Perception

Survey results showing how organizations perceive the risks of employees using AI tools without IT oversight. Data collected from 250 IT security professionals in Q1 2025.

70% believe it’s a major risk, emphasizing the security concerns around unauthorized AI usage, data exposure, and lack of governance. 25% think the benefits outweigh the risks, but acknowledge that proper security controls are needed, and 5% are unsure, indicating a lack of awareness about the potential risks.

Appendix B: Overprivileged Access and Security Risks

Survey results showing how often LOB employees retain unnecessary elevated access. 

Privilege abuse is a bigger problem than many organizations realize. 50% of respondents admit that employees frequently retain unnecessary elevated access, making them vulnerable to insider threats and security breaches.

What’s concerning is that only 5% of organizations strictly enforce least privilege policies, meaning most enterprises are struggling with privilege ‘creep’, employees holding onto access they no longer need.

We followed up with another poll to understand the obvious consequences of overprivileged access: a security breach, and here’s what we found out:

28% of respondents shared that they’ve experienced a major security incident due to overprivileged access, while another 15% were able to catch and resolve it just in time.

On the flip side, this also highlights growing awareness. Many organizations are recognizing the importance of addressing these risks early. However, 15% still lack visibility into potential privilege abuse, an area with clear room for improvement. After all, what you can’t see, you can’t secure.

The encouraging news? 42% of respondents already have strong privilege controls in place. And for those still working through blind spots, this data offers a clear path forward: with better visibility and governance, privileged access can be effectively managed, enabling teams while keeping security intact.

Appendix C: Security Incidents Across Various Industries

Results showing how security incidents differ across various industries based on the ecosystem they operate. Data collected from CloudEagle.ai customers and prospects in Q1 2025.

Not all sectors face the same risks. Industries handling sensitive financial, healthcare, or customer data are naturally bigger targets.

By analyzing industry-wise security incidents, we can uncover which sectors are most at risk, why they’re being targeted, and what organizations can do to strengthen their security posture.

Government, finance, and healthcare are taking the biggest hits when it comes to security incidents. Public administration leads the pack with 3,660 incidents and 330 breaches, making it a prime target for nation-state attacks and ransomware.

Finance follows closely with 1,020 incidents and 337 breaches, as cybercriminals chase financial data for fraud. Healthcare isn’t far behind, with 367 breaches, a clear sign that medical data remains a goldmine for attackers.

Education and manufacturing are also seeing growing risks, likely due to weak security controls and supply chain attacks.

Appendix D: Employee Onboarding Challenges

Survey results highlighting the key factors that hinder IT teams from achieving a streamlined employee onboarding process. Data collected from CloudEagle.ai customers and prospects in Q1 2025.

The poll results confirm that the lack of automated workflows is the biggest bottleneck in employee onboarding.

Meanwhile, role-based access complexity (10%) adds friction, making it harder to grant the right permissions quickly. Lack of structured training (5%) is the least concerning issue, suggesting that the real challenge lies in streamlining access, not just onboarding education.

Appendix E: Temporary Access Sprawl

Survey results showing how often access is retained by temporary workers long after their task is completed. Data collected from CloudEagle.ai customers and prospects in Q1 2025.

Certain team members often need short-term access to sensitive systems, making timely deprovisioning essential for maintaining a secure environment.

Yet, many IT teams don’t revoke this temporary access promptly. 67% report that temp workers retain access beyond their assignment, and in 27% of cases, it lasts for weeks or even months, highlighting a clear opportunity to strengthen offboarding processes.

On the bright side, 10% of companies have already implemented timely access revocation for temporary staff using just-in-time access controls, setting a strong example.

With the right automation and governance in place, the rest can easily follow suit, closing security gaps, enhancing compliance, and building a more secure access management framework for all worker types.