This report summarizes our findings and provides a resource for benchmarking an organization’s approach to risk oversight against current practices. In addition to highlighting key findings for the full sample of 560 respondents, we also separately report many of the key findings for the following subgroups of respondents: 152 large organizations (those with revenues greater than $1 billion), 129 publicly traded companies, 151 financial services entities and 156 not-for-profit organizations. (more available)

This report is based on an annual survey of boards of directors and C-suite executives about risks on the horizon for the upcoming year. (more available)

Over 5,100 IT and security professionals across 27 countries were asked about their organizations’ approaches to updating and integrating security architecture, detecting and responding to threats, and staying resilient when disaster strikes. (more available)

A survey of CISOs across 1,400 organizations supplemented with interviews of 100 individuals.

This report looks at the roles and responsibility CISO’s have, highlighting changes over the past 12-18 months.

This report looks into spear-phishing attacks as the education sector has moved to be remote. It looks at trends in ways they are targeting schools, as well as solutions organizations can use to defend against these attacks. (more available)

An annual survey on the challenges and response to those challenges of cybersecurity in the Industrial Control Systems (ICS) space.

A survey of over 1,000 US and UK IT professionals on the challenges to having the necessary in-house expertise to achieve a strong cybersecurity posture. (more available)

This report outlines job opportunity in the cybersecurity industry. It reveals that the workforce needs to grow dramatically to meet the current demand, that there is a skills gap, and more. (more available)

This report focuses on an analysis of security controls effectiveness across the multiple stages of attack lifecycles within 11 global industries. (more available)

A survey of 450 individuals on cybersecurity spending plans, areas of investment, and workforce requirements.

Using telephone survey of UK business and thirty in-depth interviews, this report reviews awareness and approaches to cyber security in the UK as well as the nature and impact of breaches by firm size and sector. (more available)

The inaugural report from AT&T Business. Leverages data from the AT&T network operations groups as well as outside research firms and network partners. (more available)

As software proliferates and DevOps takes hold, we conducted this study to understand the impact of utilizing Pentest as a Service (PtaaS) vs. (more available)

In this report, we explore the state of OT security from the perspective of IT security practitioners, and provide practical recommendations on how to bridge the IT and OT cybersecurity gap. (more available)

This is a survey conducted by Cisco, mainly talking about their findings that people care about privacy, and a surprisingly large number have already taken actions to protect it. (more available)

The 2019 Survey of 211 participants covers Overall risk security, Risk Management, and also covers what job titles are involved, and what industries are involved. (more available)

This report provides Advanced Cyber Security Center executives weighing in on the Board’s role as a strategic partner to management in balancing digital transformations and cybersecurity risks. (more available)

“In late 2018 and early 2019, the Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) conducted its third annual research product focused on the lives and experiences of cybersecurity professionals. (more available)

This report offers insight for lawyer’s and details how boards should proactively strive to create companywide cybersecurity protocols to avoid potential litigation. (more available)

CyberGRX and Ponemon Institute surveyed over 600 IT security professionals to learn more about the cost and efficacy of the tools and processes used to conduct third-party cyber risk management today. (more available)