CISA created the KEV catalog in part because of challenges that organizations have historically faced in prioritizing vulnerabilities. In any given year, there are tens of thousands of new vulnerabilities. But according to CISA, a study of historical vulnerability data dating back to 2019 shows that less than 4% of all known vulnerabilities were being used by attackers in the wild.

The report raises a number of interesting findings, which you’ll read about in the pages to come. However, one through line that emerges is the need for reliable threat intelligence and its impact on threat hunters’ ability to do their jobs well. Threat intelligence, or lack thereof, is a commonality across the top challenges respondents identified. Access to threat intelligence also affects nearly every aspect of how respondents say they do their jobs.

While third-party risk management is a well-established practice, it’s also continuously evolving. Organizations of all sizes and industries must continually adapt and change to effectively identify, assess, manage, and monitor third-party risks. By analyzing the third-party risk management landscape and practices captured in our survey, organizations can see where they stand compared to their peers and consider that information as they prepare and implement changes this year and beyond.

The healthcare sector is particularly vulnerable to cybersecurity risks and the stakes for patient care and safety are particularly high. Healthcare facilities are attractive targets for cyber criminals in light of their size, technological dependence, sensitive data, and unique vulnerability to disruptions. And cyber incidents in healthcare are on the rise.

This report is sponsored by RiskRecon, a Mastercard Company and conducted by Ponemon Institute, 1,162 IT and IT security professionals in North America and Western Europe were surveyed. All participants in the research are familiar with their organizations’ approach to managing data risks created through outsourcing. Sixty percent of respondents said the number of cybersecurity incidents involving third parties have increased.

Our CEO Report on Cyber Resilience draws on 37 interviews with CEOs of large global enterprises. It explores the role chief executives need to play in successfully managing cybersecurity risks. Our interviews with CEOs reveal that this shift to thinking about cyber resilience requires fundamental changes in approach: how they think about cybersecurity (their mindsets) and how they act (their playbooks).

This report explores four key trends in teh payments space, and their importance to issuers, merchants and fintechs in reducing losses from fraud and unnecessary chargebacks while also delivering a next-gen customer experience.

This report, Keeper’s second annual U.S. Cybersecurity Census, maps the transforming landscape of cybersecurity based on these expert insights. It provides leaders with a forensic assessment of the threats their businesses face, and details the urgent strategies necessary to overcome them.

This report looks at the roles and responsibility CISO’s have, highlighting changes over the past 12-18 months.

A deep dive into the nature of the finance sector’s public risk surface. Reviewing subsectors of the finance ecosystem, including supply chains.

A survey-driven report of over 150 third-party risk practitioners to understand the challenges facing their programs, the actions those professionals are taking to address the challenges, and identify success factors.

A June 2020 survey to assess the current challenges and perceptions of the oft-mentioned cybersecurity skills gap problem faced by IT and security teams worldwide. More than 800 individuals of varying experience, ranging from system admins to CISOs, responded. Key takeaways from the survey are reported here.

This document institutes the third edition of the CISO Current report and contains data gathered from direct interviews surveying almost 40 cybersecurity executives at leading enterprises.

Using survey data from 2,500 security professionals who indicated they have some measure of privacy responsibilities, this report provides analysis on the ROI for privacy efforts, maturity of privacy programs, vendor selection, and other topics.

Veracode commissioned this survey from 451 Research to understand how widely accepted andpracticed coordinated disclosure – whereby a security researcher identifies a flaw and notifiesthe company, then the two work together to fix and publicly disclose the flaw – really is andwhere the pain points reside. In addition, we wanted to explore the means organizations haveestablished to receive vulnerability reports, and the attitudes toward a coordinated disclosurepolicy on both sides of the organization and among external security researchers. We also soughta deeper understanding of the motivations of security researchers, actions when a vulnerabilityis identified, timing for disclosure, desired outcomes, how organizations structure disclosurepolicies, and the effectiveness of bug bounties.

This report from Pew Research Center goes over how and where the average person’s personal information is used online. It goes over the lack of control most people feel, who collects your data, the lack of understanding people have over who uses their data, and how people think about the privacy and vulnerability of their personal data.

This is a survey conducted by Cisco, mainly talking about their findings that people care about privacy, and a surprisingly large number have already taken actions to protect it.

In this fourth edition of BeyondTrust’s annual Privileged Access Threat Report, we’ll be exploring the 2019 threat landscape in detail, with a focus on how security decision makers are utilizing Privileged Access Management (PAM) solutions to mitigate these risks.

This report outlines the findings from extensive primary research analyzing more than six million enterprise devices over a one year period. Our analysis led to a stunning discovery: much of endpoint security spend is voided because tools and agents fail, reliably and predictably. The clear conclusion is that increasing security spending does not increase safety. In fact, every additional security tool only increases the probability of failure and decay. The data in this report provides evidence that merely investing in more endpoint security tools is ineffective, and a new approach is needed. To secure the endpoint, the security tools already in place must be made resilient.

This monthly report offers insight into PDS2 regulations and devleopments.

From the Report, “In this new world, GRC has tremendous opportunity to add value. For instance, by pushing for higher standards of corporate governance and integrity, GRC can help a business strengthen its reputation, and inspire trust. By providing a clear picture of the regulatory landscape, GRC can help the business expand into new markets faster. And by providing timely risk intelligence on new digital technologies, GRC can help the business capitalize on upside opportunities. In short, the future of GRC lies in being an enabler of business growth and performance.”