The Red Report 2025 focuses on the top ten most frequently observed MITRE ATT&CK techniques, presenting a roadmap for organizations to use to understand and prioritize their defenses. From process injection and credential theft to impairing defenses and data exfiltration over encrypted channels, these techniques represent the core strategies employed by todayʼs attackers to achieve their objectives.

In this report, we look back at the 900 million attacks we analyzed in the threat landscape of 2024. Additionally, we offer organizations tactical insights and strategic recommendations for improving defenses this year. From the financial impact of attacks to geopolitical tensions that lead to cyber warfare, cybersecurity is top of mind for enterprise and government organizations in 2025.

The 2024 Cybersecurity Threat Report aims to be a crucial resource for CISOs, CIOs, and security leaders seeking to navigate this complex environment. By analyzing billions of threat data points collected across our vast customer base, we aim to provide a comprehensive view of the current threat landscape and offer actionable insights for strengthening organizations’ cybersecurity postures.

In today’s crowded and fast-paced technology environment, finance organizations must efficiently and securely manage access to an ever-increasing range of digital services and resources. This puts tremendous pressure on their IT and security teams to keep operations running smoothly and cyber defenses ironclad, even as their exposure to cyberthreats grows. At the core of this challenge is identity security, which ensures authorized individuals gain access to systems and that imposters and threats are shut out.

1Password’s 2022 State of Access Report, an annual survey of North American workers’ sentiments and behaviors around cybersecurity and other critical aspects of modern work, reveals that the acute burnout detected in last year’s survey has paved the way for a widespread sense of distraction in a time of “permacrisis.” When security protocols and practices aren’t automated, even the most well-intentioned employees can unwittingly cause a breach.

1Password Business is an encrypted password solution that provides users with secure access via autofill logins, autogenerated strong passwords, and vault features. For the purposes of this study, Forrester aggregated the interviewees’ experiences and combined the results into a single composite organization. Forrester took a multistep approach to evaluate the impact that 1Password can have on an organization.

In this report, we’ll delve into insights drawn from an analysis of over 16 billion authentications in the last year (and over 44B in the last 4 years), spanning nearly 52 million different browsers, on 58 million endpoints and 21 million unique phones across regions. Authenticator apps like Duo mobile appeal to both demand for higher security and ease-of-use. Last year, access to remote access applications fell to nearly 25% of authentications after peaking in 2020.

Security threats are real, they continue to grow, and they are likely to penetrate an organization through email. Organizations simply cannot settle for ‘Good Enough’ email security and sole reliance on a SEG is not enough. As we all know, it only takes one breach to damage a company’s financial status, brand reputation, and/or relationship with its employees and customers. Each day, our analysts see thousands of threats that are bypassing all SEGs on the market.

This study delivers the latest insights into the threat landscape of workplace collaboration and the opportunities presented by the fastest-growing dataset across the enterprise today. As the leading AI data platform for employee listening, Aware analyzes the state of risk across collaboration platforms such as Slack, Teams, Zoom and Workplace from Meta to create awareness around both the risks and opportunities that lie within digital workplace conversations.

This year’s report introduces results from the Attack Path Validation (APV) and Detection Rule Validation (DRV) products on the Picus platform, offering deeper observations into organizational preparedness against automated penetration tests and the effectiveness of detection rules in SIEM systems. It provides perspective into the current state of cybersecurity and recommends Continuous Threat Exposure Management (CTEM) for those working to adopt a holistic approach.

The 2024 edition of the Blue Report provides key findings and practical recommendations for cybersecurity professionals by evaluating the effectiveness of current detection and prevention practices. The Blue Report 2024 serves as a crucial resource for cybersecurity professionals and decision-makers. It provides perspective into the current state of cybersecurity and recommends Continuous Threat Exposure Management (CTEM) for those working to adopt a holistic approach.

Alto’s methodology employs a data-first approach with the objective of supporting experts and practitioners establish an evidence-based understanding of the complex, multivariate nature of extremism and radicalization online and its multi-layered relationship with: the vulnerabilities linked to certain narratives and ideologies that constitute a part of public discourse and can be weaponized with specific aims. this report does highlight specific domains, channels and other digital spaces to aid practitioners in understanding the mechanics of the digital spaces analyzed.

In this report, the term security awareness program is used to describe a structured effort to engage, train, and secure your workforce and build a strong security culture. However, many organizations refer to such efforts using different terms, including security behavior and culture, security engagement and influence, security training and education, security communications, or human risk management.

This Index provides a comprehensive view of what organizations need to be ready to tackle the security challenges of the modern world, and more importantly where companies across the globe are lacking. It provides a detailed point of reference and serves as a guide on what organizations need to do to improve their cybersecurity resilience.

This analyst report contains information about cyberattacks investigated by Kaspersky in 2023. Kaspersky provides a wide range of services — incident response, digital forensics, malware analysis, etc. — to help organizations affected by information security incidents. The data used in this report is derived from working with organizations that have sought assistance with responding to incidents or conducted professional events for their internal incident response teams.

In this report we share runZero’s observations from our unique perspective as an applied security research team. Our goal is to provide insight into how the security landscape is changing, and recommendations on what you can do to get ahead of these changes.

This report is the first attempt to map out the most critical identity security weaknesses in the hybrid enterprise environment. These Identity Threat Exposures (ITEs), gathered from hundreds of live production environments, are the key weaknesses that allow attackers to access credentials, escalate privileges and move laterally, both on-prem and in the cloud.

Our research sheds light on a concerning trend: 90% of exposed valid secrets remain active for at least five days after the author is notified. This finding emphasizes a crucial lesson in code security: while detecting vulnerabilities is critical, the real challenge lies in remediation. Security, we believe, must be a shared responsibility across all stages of the Software Development Life Cycle (SDLC), not just the domain of specialized teams. Raising awareness about these seemingly minor lapses is essential for mitigating supply chain risks.

In 2023, malicious email threats bypassing secure email gateways (SEGs) increased by more than 100% . In other words, your email security solutions aren’t stopping the threats you think they are. Security threats are real, they continue to grow, and they are likely to penetrate an organization through email . Organizations simply cannot settle for ‘Good Enough’ email security and sole reliance on a SEG is not enough . As we all know, it only takes one breach to damage a company’s financial status, brand reputation, and/or relationship with its employees and customers.

Our sixth annual retrospective, this report is based on in-depth analysis of nearly 60,000 threats detected across our more than 1,000 customers’ endpoints, networks, cloud infrastructure, identities, and SaaS applications over the past year. This report provides you with a comprehensive view of this threat landscape, including new twists on existing adversary techniques, and the trends that our team has observed as adversaries continue to organize, commoditize, and ratchet up their cybercrime operations.

This report uses data from the Synopsys Black Duck Audit Services team’s analysis of anonymized findings from 1,067 commercial codebases across 17 industries during 2023. The Audit Services team has helped security, development, and legal teams around the world strengthen their security and license compliance programs for over 20 years. The team audits thousands of codebases for our customers each year, with the primary aim of identifying software risks during merger and acquisition (M&A) transactions.