An insurance oriented treatment on key trends impacting cyber insurance, based upon meta-analysis from several sources, including Advisen, McKinsey, Sophos and others.

Do exploit code releases help or harm defenders? We decided to put this hotly contested debate to the test. The seventh volume of the Prioritization to Prediction series produced in conjunction with the Cyentia Institute attacks this debate from all angles. Poring over Kenna Security’s own threat and vulnerability intelligence, anonymized platform data, and Fortinet exploitation data, we analyzed over 6 billion vulnerabilities affecting 13 million active assets across nearly 500 organizations.

This report aims to capture hard data on the experiences of stakeholders who are impacted by IAM processes and technologies, and the impact of current IAM practices on security risks and business operations.

This report looks at the malware used by a group called Sunburst. It gives a detailed timeline of attacks, and the code used in them. It also compares the code to popular malware like Kazuar, suggesting it is being used by the same groups.

This sixth volume of the Prioritization to Prediction series combines vulnerability data from Kenna’s customers with additional intelligence from Fortinet and others. This volume provides a quantitative analysis of the timeline of key dates in the lifecycle of an exploited vulnerability, exploring the effects of releasing exploit code relative to the date of CVE publication and patch availability, discussing the ramifications to attackers and defenders.

This study explores data privacy challenges for organizations that are trying to maintain digital trust with their customers, along with the evolving privacy landscape and its impact on consumers.

A survey of 260 cyber insurance brokers and 190 cyber insurers, on the challenges and opportunities in the cyber insurance space. Includes perspectives on aggregation risks, GDPR impact, and third part risk management.

This report looks at the 10 most impactful factors in cybersecurity success for the next decade.

A survey of 1,000 insurance professionals and risk managers from 56 countries on their beliefs on the impact of COVID-19 and cyber exposure.

The 2020 Intricately Cloud Security Market Report unpacks global cloud security trends surrounding the growth of application security.

This report explains the findings of a study the did, showing that seeking the exact technology to solve your newest, most pressing security concern may actually be multiplying security gaps that slow you down instead of simplifying your security environment.

A review of the cybersecurity job market in the UK, the nature and extent of skill gaps and shortages. A combination of surveys, qualitative research with firms, and a review of job postings.

This report sought to understand the health and security of Free and Open Source Software (FOSS) as it is today. It identifies the most commonly used free and open source software components in production applications, and examines them for potential vulnerabilities.

This report from Cisco proves 10 cyber security myths false.

This report, the first in a series from Blueliv offering an overview of cybercrimeindustry, detailed some features of a rapidly growing cybercriminal serviceseconomy. We first covered the first elements in a process, from acquiringand preparing malicious code for use in a campaign, prior to setting upthe infrastructure to deliver the ‘product’ to its victims.

This is the 6th annual SOTI from Akamai. The Key findings are: • Between November 2017 and October 2019, more than 40% of the unique DDoS targets were in the financial services industry • Traditional logins (username and password) still account for the majority (74%) of access methods to applications and services • From May to October 2019, credential stuffing attacks targeting the financial services industry have targeted APIs, often accounting for 75% or more of the total login attacks against financial services

The Worldwide Security Spending Guide examines the security opportunity from a technology, industry, company size, and geography perspective. This comprehensive database delivered via IDC’s Customer Insights query tool allows the user to easily extract meaningful information about the security technology market by viewing data trends and relationships and making data comparisons.

In our 25-criterion evaluation of data security portfolio providers, we identified the 13 most significant ones — Dell, Digital Guardian, Forcepoint, Google, GTB Technologies, IBM, Imperva, McAfee, Micro Focus, Microsoft, Oracle, Symantec, and Varonis — and researched, analyzed, and scored them. This report shows how each provider measures up and helps security and risk (S&R) professionals understand the respective strengths of each vendor’s portfolio.

Veracode commissioned this survey from 451 Research to understand how widely accepted andpracticed coordinated disclosure – whereby a security researcher identifies a flaw and notifiesthe company, then the two work together to fix and publicly disclose the flaw – really is andwhere the pain points reside. In addition, we wanted to explore the means organizations haveestablished to receive vulnerability reports, and the attitudes toward a coordinated disclosurepolicy on both sides of the organization and among external security researchers. We also soughta deeper understanding of the motivations of security researchers, actions when a vulnerabilityis identified, timing for disclosure, desired outcomes, how organizations structure disclosurepolicies, and the effectiveness of bug bounties.

This global survey was carried out during the third quarter of 2019. 271 brokers and 96 underwriters – all involved in cyber insurance - shared with us their observations and views of the cyber insurance marketplace

Risk Based Security has been sharing our Vulnerability QuickView reports with the world, providing detailed analysis on the vulnerability landscape based on data from our vulnerability intelligence product, VulnDB . Continuing from our previous 2019 Mid-Year report, this edition of the QuickView delves into the months of August through October. The information collected is displayed in a series of charts depicting various groupings, classifications, insights, and comparisons of the data