Cyentia Cybersecurity Research Library

Cyentia Institute

Below you will find reports with the source of “Cyentia Institute”

2024 State of Threat and Exposure Management Report

In this report we begin by examining the prevalence of those vulnerabilities across assets to determine which ones are most common. Then we measure how quickly those vulnerabilities are remediated and what factors speed up or slow down that process. We’ll begin our foray into the wilds of the vulnerability landscape by examining the product vendors that shape it. This is important because these technologies are commonly used, thus vulnerabilities affecting them can have a widespread impact on cyber risk posture.

Added: October 15, 2024

The 2024 State of Exposure Management

This report presents key insights drawn from hundreds of thousands of attack path assessments conducted through the XM Cyber Continuous Exposure Management (CEM) platform during 2023. These assessments uncovered over 40 million exposures affecting 11.5 million entities deemed critical to business operations. Data gathered from the XM Cyber platform were anonymized and provided to Cyentia Institute for independent analysis to generate the insights.

Added: May 7, 2024

The State of Third-Party Risk Management

This new study makes it clear that enterprise demands have certainly continued to grow since then. Organizations place greater strategic priority on TPRM to contribute to a widening scope of enterprise risk that extends beyond cybersecurity. It’s also clear from these results that supply chains are expanding as is the need to efficiently assess risk across those business relationships. Respondents tell us they’re increasingly relying on automated assessments and risk ratings to meet that demand.

Added: April 3, 2024

Prioritization to Prediction, Vol. 9

This latest installment of the Prioritization to Prediction research series, created by the Cyentia Institute and sponsored by Cisco (formerly commissioned by Kenna Security), does just that: It explores the KEV and gives some context to what it means (and doesn’t mean) for other organizations. Moreover, we demonstrate how the KEV can fit into any risk-based vulnerability management program. In fact, here are some key findings, but you’ll really want to read the whole report to get the good stuff.

Added: August 7, 2023

CISC Engagement and Decision Drivers Study Report II, 2nd Half, 2022

In this report, we dive into measuring engagement, along with the most popular content types, and a roundup of the events that resonated most with audiences, offering key marketing takeaways on everything from intent topics to what has generated the most engagement through Q3 2022. We have also highlighted the brands generating the most engagement from their content marketing efforts. And we factor in how newsworthy cybersecurity events impact audience engagement, and content preferences.

Added: August 3, 2023

Balancing Third-Party Risk

This report is different in that we’re focusing on explicit relationships that are manually configured by organizations using RiskRecon’s platform. In other words, we’re examining curated portfolios of vendors and suppliers tracked as part of organizations’ third-party risk management program. We started with a dataset extracted from RiskRecon’s platform consisting of over 100,000 primary organizations and more than 300,000 monitored third-party relationships. We’re focusing on direct relationships in this report, but the data supports the analysis of indirect (fourth- to nth-party) relationships.

Added: May 23, 2023

The Fast and the Frivolous

The Fast and the Frivolous uses a massive dataset from SecurityScorecard that spans 1.6 million organizations. We analyze billions of internet-exposed assets to measure the speed of vulnerability remediation over a three-year period. In this report, you’ll find some of the lessons we learned.

Added: April 25, 2023

Navigating The Internet Risk Surface

In this risk surface series, RiskRecon, a Mastercard Company, and Cyentia have worked to help third-party risk managers understand how to measure and manage risk. We’ve seen variation across industries and other slices. But not all firms are interchangeable. A payroll processor cannot be replaced with a janitorial supply company, at least not with good business outcomes! In this report, we look at what distinguishes top-performing firms from those that struggle the most. Armed with this knowledge, Third-Party Risk Management (TPRM) professionals can take into account the totality of their risk surface, and how it impacts the overall security performance of an organization.

Added: April 25, 2023

Finding The Signal Through The Noise

For this report, Securonix partnered with the Cyentia Institute to analyze a dataset of more than 54 billion events fed into more than 154k policies generating an average of more than 750k violations per hour. The goal? To quantify our assumptions and findings in a way that can help organizations calibrate what’s going on in their own environments.

Added: April 25, 2023

Security Outcomes Report, Volume 3

In this third volume of the Security Outcomes Report, we break security resilience down into digestible and actionable insights. (Because we’re sure you have enough on your plate without having to crack the code to resilience on your own.) No one report can cover all there is to know about such a colossal subject matter; but we’ve surfaced some highlights for you to consider when building and refining your cybersecurity strategy for the road ahead.

Added: April 25, 2023

High Risk Users and Where to Find Them

It’s a horror story that many organizations are familiar with - an employee clicks a link or visits a website, and chaos ensues. At best, it’s just a minor disruption. At worst, business continuity is broken, and an organization’s critical infrastructure is at risk. Regardless of the outcome, managing human risk is a major part of business today. In this report, we dive into what makes workers high risk, where those high risk users spend their time, what are their riskiest behaviors, and what that might mean for your organization’s security.

Added: April 25, 2023

Navigating The Paths Of Risk: The State of Exposure Management in 2023

Our second annual report presents key insights drawn from tens of thousands of attack path assessments conducted through XM Cyber’s exposure management platform during 2022. These assessments uncovered over 60 million exposures affecting 10 million entities deemed critical to business operations. Anonymized datasets were exported from the XM Cyber platform and provided to Cyentia Institute for analysis.

Added: April 10, 2023

The Evolving CVE Landscape

In this report, sponsored by F5 Labs, we take a step back and examine the universe of vulnerabilities (defined by the CVE) and how it’s changed in the last 20 years. As you will see, we will find some surprising things along the way.

Added: March 1, 2023

Close Encounters of the Third (and Fourth) Party Kind

This report offers an in-depth examination of the underlying condition that enables such incidents to take place: the widespread interdependence of modern digital supply chains. We analyzed data from over 230,000 organizations to investigate the prevalence of security incidents among third parties. We then measure the extent of vendor relationships and explore the effects of that exposure. Finally, we compare the security posture of organizations to that of their third and fourth parties to yield data-driven insights on how to identify risky vendors and better manage exposure.

Added: February 1, 2023

IRIS Tsunami

We identified 50 of the largest multi-party cyber incidents over the past several years in an effort to understand their causes and consequences from beginning to end. Tsunami draws from the same rigorous methodology in the rest of the IRIS series. We started with a huge dataset of cyber loss events, identified those that involved multiple organizations, and then researched each event to understand who was behind it, what happened, how the after effects propagated through the supply chain, and the financial losses for all parties involved.

Added: January 9, 2023

The State of Noncompliance in Cyber Risk Management

The goal of this report is to offer a view on the state of compliance in today’s typical organization, including: the rate of noncompliance among a typical organization’s assets, the compliance standards that are hardest for organizations to adhere to, how well compliance tracks against the overall risk surface and the most common security controls causing non-compliance.

Added: October 12, 2022

Reining in Ransomware

In this report, we’ve analyzed on-the-ground evidence collected while responding to nearly 1,500 ransomware events exceeding $1 billion in ransom demands. Through it all, we’ve helped our clients manage their response, minimize costs, and maintain business operations. And we hope this report helps many other organizations and insurers do the same.

Added: October 11, 2022

Information Risk Insights Study

This study leverages a vast dataset spanning over 77,000 cyber events experienced by 35,000 organizations over the last decade. This dataset is drawn from Advisen’s Cyber Loss Data, which contains over 138,000 cyber events collected from publicly verifiable sources.

Added: October 7, 2022

Quantifying the financial savings Protective DNS (PDNS) brings to the UK public sector

This report provides an analysis of the DNS queries blocked by Protective DNS, finds commonalities among the end users that are protected, and uses a financial model to estimate the value of the threat prevention provided by Protective DNS to the UK economy.

Added: May 11, 2022

IRIS Risk Retina - Nonprofit

This free public report from the Cyentia IRIS Risk Retina series clears away the fog of FUD, providing parameters for frequency and loss of publicly discoverable cyberevents in the nonprofit sector.

Added: March 21, 2022

The Size and Shape of Workforce Risk

A deep dive into the profiles of workforce members, identifying the characteristics of greater and less cyberrisk.

Added: March 9, 2022
© Cyentia Institute 2025
Library updated: July 2, 2025 08:08 UTC (build b1d7be4)