TAMPA, Fla.--(BUSINESS WIRE)--ReliaQuest, the leader in AI-powered security operations, today published its Annual Threat Report, which reveals that attackers are moving at greater speed than ever before. Once inside networks, lateral movement can take as little as 27 minutes (48 minutes on average). Meanwhile, security operations are taking greater advantage of tools like AI and automation to speed up defenses -- and notably the rapidly growing power of agentic AI agents.

ReliaQuest customers using automated workflows in 2024 dramatically reduced their mean time to contain (MTTC) cyber threats to as little as 3 minutes, compared to 6.3 hours without automation.

Though attackers are moving faster, they’re still using tried-and-tested methods. Phishing remains the top initial access method. Nearly 30% of reported phishing emails now contain credential harvesters, which lay the groundwork for larger attacks like business email compromise. Enhanced by AI, credential harvesting emails now feature more polished language, fewer errors, and highly convincing designs, making them an increasingly effective and scalable weapon for cybercriminals. The more quickly attackers gain this access, the more quickly they can spread and do real damage to an organization.

“Time is the enemy in cybersecurity,” said Michael McPherson, ReliaQuest Senior Vice President of Technical Operations. “Attackers are moving faster than ever, which means our defenses must speed up as well. Manual responses are no longer sufficient to stop today’s threats. We have to take advantage of automation and AI to stay ahead. Agentic AI is now taking this even further and is capable of processing security alerts 20x faster than traditional methods with 30% greater accuracy at identifying true threats to the business.”

In addition to utilizing automation and AI, ReliaQuest’s research identified five other critical controls that security teams must address to avoid being exposed to threats. These are:

• Improve detections - Insufficient monitoring or logging leaves parts of the system vulnerable, making it impossible to detect or investigate malicious activity.

• Ensure all devices are monitored - Devices without security controls like endpoint protection or monitoring agents create security gaps, providing attackers with open pathways throughout networks.

• Use secure VPNs - VPNs lacking essential protections like multifactor authentication (MFA) or device-based certificates allow attackers to exploit stolen credentials and gain network access.

• Limit external exposure - Vulnerabilities in internet-facing devices serve as entry points for attackers to infiltrate the network.

• Maintain vigilance around social engineering tactics, especially those targeting IT teams - Weak institutional controls make organizations easy targets for social engineering attacks, with 14% of breaches in 2024 involving social engineering for initial access or privilege escalation

Read more in the full ReliaQuest Annual Threat Report here: https://www.reliaquest.com/blog/insights-from-reliaquests-2025-annual-threat-report/

About ReliaQuest

ReliaQuest exists to Make Security Possible. Our Agentic AI-powered security operations platform, GreyMatter, allows security teams to detect threats at the source, contain, investigate and respond in less than 5 minutes – eliminating Tier 1 and Tier 2 security operations work. GreyMatter uses data-stitching, detection-at-source, AI and automation to seamlessly connect telemetry from across cloud, multi-cloud and on-premises technologies. ReliaQuest is the only cybersecurity technology company that delivers outcomes specific to each organization’s unique architecture, technology and business needs. With over 1,000 customers and 1,200 teammates across six global operating centers, ReliaQuest Makes Security Possible for the most trusted enterprise brands in the world. Learn more at www.reliaquest.com.