Companies are spending more on security but remain more exposed than ever, with credential abuse and third-party breaches driving the majority of attacks.