46% of Enterprise Passwords Can Be Cracked | Security Magazine

Picus Security’s latest report highlights a sharp decline in enterprise cyber defence effectiveness, with cracked password hashes found in 46% of environments—up from 25% last year—and data exfiltration prevented in only 3% of these cases. Ransomware remains a major threat, with low prevention rates against strains like BlackByte (26%), BabLock (34%), and Maori (41%). Attacks using valid credentials succeeded 98% of the time, while overall prevention effectiveness fell from 69% in 2024 to 62% in 2025, and just 14% of attacks triggered alerts—indicating most go undetected.