An insurance oriented treatment on key trends impacting cyber insurance, based upon meta-analysis from several sources, including Advisen, McKinsey, Sophos and others. (more available)

Do exploit code releases help or harm defenders? We decided to put this hotly contested debate to the test. The seventh volume of the Prioritization to Prediction series produced in conjunction with the Cyentia Institute attacks this debate from all angles. (more available)

This report aims to capture hard data on the experiences of stakeholders who are impacted by IAM processes and technologies, and the impact of current IAM practices on security risks and business operations. (more available)

This report looks at the malware used by a group called Sunburst. It gives a detailed timeline of attacks, and the code used in them. (more available)

This sixth volume of the Prioritization to Prediction series combines vulnerability data from Kenna’s customers with additional intelligence from Fortinet and others. (more available)

This study explores data privacy challenges for organizations that are trying to maintain digital trust with their customers, along with the evolving privacy landscape and its impact on consumers. (more available)

A survey of 260 cyber insurance brokers and 190 cyber insurers, on the challenges and opportunities in the cyber insurance space. (more available)

This report looks at the 10 most impactful factors in cybersecurity success for the next decade.

A survey of 1,000 insurance professionals and risk managers from 56 countries on their beliefs on the impact of COVID-19 and cyber exposure. (more available)

The 2020 Intricately Cloud Security Market Report unpacks global cloud security trends surrounding the growth of application security.

This report explains the findings of a study the did, showing that seeking the exact technology to solve your newest, most pressing security concern may actually be multiplying security gaps that slow you down instead of simplifying your security environment. (more available)

A review of the cybersecurity job market in the UK, the nature and extent of skill gaps and shortages. A combination of surveys, qualitative research with firms, and a review of job postings. (more available)

This report sought to understand the health and security of Free and Open Source Software (FOSS) as it is today. It identifies the most commonly used free and open source software components in production applications, and examines them for potential vulnerabilities. (more available)

The third edition of Infosecurity Magazine’s annual report. A survey of 75 respondants with approximately 1/3 academic, 1/3 industry, and 1/3 investors. (more available)

A survey-based report from March 2020 on the impacts of staff shortages in the cybersecurity industry. A special focus on remote work and COVID-19 impacts. (more available)

This report from Cisco proves 10 cyber security myths false.

This report, the first in a series from Blueliv offering an overview of cybercrimeindustry, detailed some features of a rapidly growing cybercriminal serviceseconomy. (more available)

This is the 6th annual SOTI from Akamai. The Key findings are: • Between November 2017 and October 2019, more than 40% of the unique DDoS targets were in the financial services industry • Traditional logins (username and password) still account for the majority (74%) of access methods to applications and services • From May to October 2019, credential stuffing attacks targeting the financial services industry have targeted APIs, often accounting for 75% or more of the total login attacks against financial services

The Worldwide Security Spending Guide examines the security opportunity from a technology, industry, company size, and geography perspective. This comprehensive database delivered via IDC’s Customer Insights query tool allows the user to easily extract meaningful information about the security technology market by viewing data trends and relationships and making data comparisons. (more available)

In our 25-criterion evaluation of data security portfolio providers, we identified the 13 most significant ones — Dell, Digital Guardian, Forcepoint, Google, GTB Technologies, IBM, Imperva, McAfee, Micro Focus, Microsoft, Oracle, Symantec, and Varonis — and researched, analyzed, and scored them. (more available)

Veracode commissioned this survey from 451 Research to understand how widely accepted andpracticed coordinated disclosure – whereby a security researcher identifies a flaw and notifiesthe company, then the two work together to fix and publicly disclose the flaw – really is andwhere the pain points reside. (more available)