This report investigates the ways in which organizations can support engineering productivity through initiatives such as supporting information search, more usable deployment toolchains, and reducing technical debt through flexible architecture, code maintainability, and viewable systems.

The insurance industry has been asked by Lloyd’s, regulators, and its own senior management to understand its exposure to this type of cyber risk. To address this, AIR has developed a comprehensive database of industry exposures that provides the information insurers need for accurate modelling and has used it to form the basis of the alternative modelling approach described in this report. The results of this cloud downtime scenarios analysis could help insurance managers gain insights into how to grow their cyber business in a controlled and prudent manner.

This publication from Fortinet looks at how the threat landscape has changed in the third quarter of 2018 by doing data-driven analysis with some noteworthy events pulled from Q3 2018 headlines.

Ponemon Institute surveyed 627 IT and IT security practitioners in the United States to understand how well organizations are addressing cyber risks associated with attackers who may already be residing within the perimeter, including insiders that might act maliciously. In this study, these are referred to as “post-breach” or “resident” attackers. The findings consistently show that organizations do not fully understand the risks associated with this type of threat, are unprepared for resident attackers, and have little ability to discover and remove them.

In 2018, WSJ Pro Cybersecurity partnered with ESI ThoughtLab, a thought leadership and economic research firm, to gather data on how more than 1,300 enterprises were responding to the challenge of managing cyber risk. The study launched in late 2018 with the ground-breaking report ‘The Cybersecurity Imperative’ and continues with this pulse update report based on the findings of a new sample of companies.

From the report, “ONE OF THE most important priorities of a state chief information officer (CIO) is to reduce risk to their state. Cybersecurity and reducing cyber risk, specifically, is top of mind for every state CIO and many factors contribute to this. For example, it is unknown how many cyberattacks have been attempted on state government collectively, but one state estimates that two years ago there were 150 million attacks a day, while today there is an average of 300 million attacks per day. The same state has seen as many as 800 to 900 million in one day. "

Aon is supporting its global clients to respond to political risks and security challenges by using the analysis derived from the maps to inform the creation of a more robust risk management programme. We hope this year’s maps provide you with the insights that you need to better protect your business, and should you need to discuss any aspects of your insurance coverage – or how these risks affect your exposure – please contact the team.

In multiple areas of cyber security, time is currently working in favor of the attackers — and time is the strategic advantage that the defenders need to regain. In a recent report, Aberdeen Group leveraged Verizon Data Breach Investigations Report data to uncover the distribution of attacker “dwell times,” i.e., the total time in days from attacker compromise to defender detection.

This very thorough report offers insight into the future of the Mobile trends of 2019.

The ninth annual cost of cybercrime study helps to quantify the economic cost of cyberattacks by analyzing trends in malicious activities over time.

This report provided by Oxford University provides research data into the Russian involvement in the United States election process.

This report takes a specific look back at connected medical device events that occurred in 2017.

In June of 2018 Claroty asked the experts about the state of industrial cybersecurity. This paper discusses what they said.

This paper is a follow-up to IOActive’s 2016 report1 on vehicle vulnerabilities. The goal of this paper is to revisit the topic using data from the past two years (2016, 2017) and to compare this information to previous findings to analyze how the industry is progressing.

From the Report, “This paper is based on our own research, in which we discovered critical cybersecurity issues in several robots from multiple vendors. While we assist the vendors in addressing the cybersecurity vulnerabilities identified, we want to describe the currently available technology, some of the threats posed by a compromised robot, and the types of cybersecurity issues we discovered. The goal is to make robots more secure and prevent vulnerabilities from being used maliciously by attackers to cause serious harm to businesses, consumers, and their surroundings.”

This case study, focuses on one of Claroty’s power plant installations. It illustrates challenges and solutions that are both unique to the power generation sub-segment, as well those that apply to the broader context of OT cybersecurity.

This report offers insight for institutions of higher learning seeking to understand that regulations and issues surrounding cybersecurity on campus.

Aon’s Cyber Solutions explores eight specific risks that organizations may face in 2019 no matter where they are on their digital journey.

From the report, “A growing list of contractors and subcontractors have disclosed that they have been victims of data breaches resulting in the compromise of sensitive government information. In response, U.S. federal agencies have or are considering expanding cybersecurity requirements for their contractor base and adopting best practices for evaluating and monitoring those entities. In a recent study, BitSight found a large gap in the security posture between financial organizations and their third parties. This BitSight Insights report explores a similar question: what is the cybersecurity performance of U.S. federal contractors, and how does that compare to the performance of U.S. federal agencies?”

A review of the observed (externally facing) security practices of the Fortune 1000 firms.

From the report, “This technical whitepaper presents and discusses the concept of “Connectivity as Code”, a complementary concept to “Infrastructure as Code” (IaC), and we will explain how it can be incorporated into the DevOps lifecycle for a more agile application delivery. We will also describe how empowering the developer to define the application’s connectivity requirements will bridge the gap between developers and network security, and help to automate the application delivery process end-to-end. The solution presented in this whitepaper seamlessly weaves network connectivity into the DevOps methodology, while ensuring continuous compliance, so that automation does not compromise security.”