46% of Enterprise Passwords Are Vulnerable to Cracking

Picus Security recently released The Blue Report™ 2025, based on more than 160 million real-world attack simulations. Now in its third year, the report provides a data-driven assessment of how well security controls perform against today’s threats — and this year’s findings are the most concerning to date.

While cyberattacks grow in both volume and sophistication, defensive effectiveness is declining. This year’s data paints a particularly grim picture: in 46% of environments, at least one password hash was successfully cracked, and data exfiltration attempts were only stopped 3% of the time, down from 9% in 2024. Combined, these trends show how quickly a single compromised credential can open the door to lateral movement and large-scale data theft. With infostealer malware tripling in prevalence and attackers increasingly bypassing defenses using valid logins, organizations face escalating risk from persistent and nearly invisible threats.

“We must operate under the assumption that adversaries already have access,” said Dr. Süleyman Ozarslan, co-founder of Picus Security and VP of Picus Labs. “An ‘assume breach’ mindset pushes organizations to detect the misuse of valid credentials faster, contain threats quickly and limit lateral movement — which requires continuous validation of identity controls and stronger behavioral detection.”

Key Findings:

Passwords cracked in nearly half of environments: In 46% of tested environments, at least one password hash was cracked — up from 25% in 2024 — highlighting continued reliance on weak or outdated password policies.

Stolen credentials are practically unstoppable: Attacks using valid credentials were successful 98% of the time, making techniques like Valid Accounts (MITRE ATT&CK T1078) one of the most reliable ways to bypass defenses undetected.

Data exfiltration prevention is near zero: Only 3% of data theft attempts were blocked — down 3x from 2024 — even as ransomware operators and infostealers ramp up double-extortion attacks.

Ransomware remains a top concern. BlackByte continues to be the hardest strain to prevent, with a prevention effectiveness rate of just 26%. BabLock and Maori followed at 34% and 41%, respectively.

Early detection is a significant blind spot. Discovery techniques like System Network Configuration Discovery and Process Discovery scored below 12% in prevention effectiveness, exposing gaps in detection efforts.

The Blue Report 2025 also reveals that prevention effectiveness declined from 69% in 2024 to 62% in 2025, reversing last year’s gains. And while logging coverage held steady at 54%, only 14% of attacks generated alerts, meaning most malicious activity still goes unnoticed. Failures in detection rule configuration, logging gaps and system integration continue to undermine visibility across security operations. The decline highlights how quickly defenses can degrade without continuous oversight and validation of security controls.

Featured

  • Nothing Artificial About this Intelligence

    I have been looking forward to this year’s GSX show in New Orleans, the Cresent City, or if you prefer The Big Easy. It seems like quite a while since we’ve been here. Twenty years ago, ASIS, as it was known then was literally washed out of the city by someone known as Katrina. It is a good thing to come back to NOLA. Read Now

  • From Monitors to Mission Control

    Security Operations Centers (SOC) were once defined by rows of static monitors, each displaying a single feed with operators quietly watching for issues. That model has become obsolete. Incidents evolve too quickly, data comes from multiple locations, and decisions must be made in seconds—not minutes. Read Now

  • New Gas Monkey Garage Venue Uses AI-Enhanced Video Technology

    Gas Monkey Garage, the automotive custom shop and entertainment brand founded by Richard Rawlings of Fast N’ Loud TV fame, has opened a vibrant new restaurant and bar in South Dakota, equipped with advanced, AI-enhanced video tech from IDIS Americas. Read Now

  • Data Driven, Proactive Response

    As cities face rising demands for smarter policing and faster emergency response, Real Time Crime Centers (RTCCs) are emerging as essential hubs for data-driven public safety. In this interview, two experts with deep field experience — Ross Bourgeois of New Orleans and Dean Cunningham of Axis Communications — draw on decades of operational, leadership and technology expertise to share how RTCCs are transforming public safety through innovation, interagency collaboration and a relentless focus on community impact. Read Now

  • Integration Imagination: The Future of Connected Operations

    Security teams that collaborate cross-functionally and apply imagination and creativity to envision and design their ideal integrated ecosystem will have the biggest upside to corporate security and operational benefits. Read Now

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.