The report stated that “Equifax lacked a comprehensive IT asset inventory, meaning it lacked a complete understanding of the assets it owned. This made it difficult, if not impossible, for Equifax to know if vulnerabilities existed on its networks. If a vulnerability cannot be found, it cannot be patched.” The Equifax case is one example of an existential and underreported cybersecurity issue: the vast majority of organizations do not have comprehensive visibility of every asset they need to secure.

This report uses data from the Synopsys Black Duck Audit Services team’s analysis of anonymized findings from 1,067 commercial codebases across 17 industries during 2023. The Audit Services team has helped security, development, and legal teams around the world strengthen their security and license compliance programs for over 20 years. The team audits thousands of codebases for our customers each year, with the primary aim of identifying software risks during merger and acquisition (M&A) transactions.

This research aims to equip cloud security professionals, DevOps, DevSecOps, CISOs, and development leaders with valuable insights and practical recommendations for safeguarding their cloud environments, and in doing so, help to secure the cloud for everyone. In some ways, our study confirmed what is already widely known: attackers are constantly scanning the Internet for lucrative opportunities.

In the 2023 edition, we wanted to understand the specific challenges related to building and maintaining Insider Risk programs, technologies and training. To explore this, we surveyed 700 respondents – cybersecurity leaders, cybersecurity managers and cybersecurity practitioners – from US companies with 500 or more employees from a range of public and private sectors.

In this report, we update the research summarized in the Capstone Report with current job opening data to compare the civilian cybersecurity and IT workforces with those in the U.S. government and the private sector. We also extend the DoD-private industry comparison research summarized in the Capstone Report by further examining the proportion of workers across a common taxonomy of cyber work roles, salaries paid across work roles, and demand for these jobs. Thus, this report both updates and expands upon the research presented in the Capstone Report.

Intel 471 can help your organization defend against a wide variety of cyber threats by providing deep insights and comprehensive expertise into cybercriminal actors and related activity. This report provides a brief exploration of our unique insight into the cyber underground, highlighting how we can proactively help you stay ahead of the curve, enabling you to fight cybercrime and win.

The 2023 State of Security Report surveyed over 240 cybersecurity professionals from North American to reveal the key challenges cybersecurity teams are facing, how they solve cyber issues, and the security technologies organizations prioritize.

The 2021 Insider Landscape Report reveals the latest trends and challenges facing organizations in this new environment. The report explores how IT and cybersecurity professionals deal with risky insiders and how organizations are preparing to better protect their critical data and IT infrastructure.

The 2022 Insider Risk Report is driven by real data observed as part of actual investigations of real customers with whom DTEX detected and responded to potential insider risk incidents before a breach occurred.

This report breaks down several of the most common and most prominent types of cyber threats that impact automobile manufacturers and retailers.

A survey of 2,200 IT professionals from organizations of 250 or more employees. Focuses on attitudes on and about cybersecurity.

The inaugural report from AT&T Business. Leverages data from the AT&T network operations groups as well as outside research firms and network partners.

Using breach data from Advisen, this report defines ripple effects of breaches as the impacts on companies more than one degree of separation from the company directly affected by the breach. As vendor relationships are both broad and deep, a breach in any one company in a network can have distant effects on companies not directly related. The implications upon third party risk management are explored.

In this report, we will address the aforementioned questions using data that Forescout Technologies has carefully gathered, tested and validated from all forms of device networks and the applications they support. This report presents data from a cross-sectional analysis of the Forescout Device Cloud, which is a repository of host and network information for more than 11 million devices (provided anonymously by Forescout customers). With Forescout Device Cloud, we analyze device fingerprints to identify device function, vendor/model, operating system and version to provide granular auto-classification for a wide range of devices. For this study, researchers limited Device Cloud analysis to 100 large financial services deployments with over 8,500 virtual local area networks (VLANs) and nearly 900,000 devices.

In our 25-criterion evaluation of data security portfolio providers, we identified the 13 most significant ones — Dell, Digital Guardian, Forcepoint, Google, GTB Technologies, IBM, Imperva, McAfee, Micro Focus, Microsoft, Oracle, Symantec, and Varonis — and researched, analyzed, and scored them. This report shows how each provider measures up and helps security and risk (S&R) professionals understand the respective strengths of each vendor’s portfolio.

The 2019 Data Exposure Report is based on our survey of 1,028 information security leaders, as well as 615 business decision-makers, all with budgetary decision-making power. The report examines the role of employee actions in causing insider threat, organizational attitudes toward intellectual property and the ability of legacy data loss prevention technologies to stem insider threats.

The Irdeto Global Connected Industries Cybersecurity Survey polled 700 security decision makers across Connected Health, Connected Transport and Connected Manufacturing plus IT and technology* (who manufacture IoT devices) industries about cyberattacks targeting their organization, concerns about the types of attacks that could target their organization, security measures currently in place and much more. The research surveyed both manufacturers and users of IoT devices in five countries – China, Germany, Japan, the UK and the US. The research was fielded online by Vanson Bourne from March – April 2019.

Aon is supporting its global clients to respond to political risks and security challenges by using the analysis derived from the maps to inform the creation of a more robust risk management programme. We hope this year’s maps provide you with the insights that you need to better protect your business, and should you need to discuss any aspects of your insurance coverage – or how these risks affect your exposure – please contact the team.

A Report to Congress Pursuant to the National Defense Authorization Act for Fiscal Year 2000, as Amended

CyberGRX and Ponemon Institute surveyed over 600 IT security professionals to learn more about the cost and efficacy of the tools and processes used to conduct third-party cyber risk management today. The survey respondents come from a variety of industries and are all involved in managing their organizations’ third-party cyber risk management programs (TPCRM). All organizations represented in the study have TPCRM programs and believe it is critical to have cybersecurity risk management controls in place

Ponemon Institute is pleased to present The Value of Threat Intelligence: Annual Study of North American and United Kingdom Companies, sponsored by Anomali. The purpose of this research is to examine trends in the benefits of threat intelligence and the challenges companies face when integrating threat intelligence with existing security platforms and technologies.