We identified 50 of the largest multi-party cyber incidents over the past several years in an effort to understand their causes and consequences from beginning to end. (more available)

This study leverages a vast dataset spanning over 77,000 cyber events experienced by 35,000 organizations over the last decade. This dataset is drawn from Advisen’s Cyber Loss Data, which contains over 138,000 cyber events collected from publicly verifiable sources. (more available)

This report provides an analysis of the DNS queries blocked by Protective DNS, finds commonalities among the end users that are protected, and uses a financial model to estimate the value of the threat prevention provided by Protective DNS to the UK economy. (more available)

This free public report from the Cyentia IRIS Risk Retina series clears away the fog of FUD, providing parameters for frequency and loss of publicly discoverable cyberevents in the nonprofit sector. (more available)

A continued look at “ripple events” - multi-party security events - examining the size and frequency of these events, firmographics, as well as the velocity of spread of such events. (more available)

A meta-analysis of industry reports on the variety and forms of application exploits used in security incidents.

The IRIS 20/20 Xtreme is a follow-up to the IRIS 20/20 study earlier this year, this time focusing on the 100 largest cyber incidents of the last five years, totaling $18 billion in reported losses and 10 billion compromised records. (more available)

A survey-driven report of over 150 third-party risk practitioners to understand the challenges facing their programs, the actions those professionals are taking to address the challenges, and identify success factors. (more available)

Using breach information from Advisen, this report seeks to fill in missing gaps in the loss frequency and impact side of quantitative risk analysis. (more available)

Using breach data from Advisen, this report defines ripple effects of breaches as the impacts on companies more than one degree of separation from the company directly affected by the breach. (more available)

The Cisco 2018 Privacy Maturity Benchmark Study was created in conjunction with Cisco’s Annual Cybersecurity Benchmark Study, a double-blind survey completed by more than 3600 security professional in 25 countries and across all major industries. (more available)

To determine real-world costs posed by DDoS attacks in 2014, Incapsula commissioned a survey to gauge real organizations’ experiences with them. (more available)

The purpose of the research, in this report, is to understand how organizations qualify and quantify the financial risk to their tangible and intangible assets in the event of a network privacy or security incident. (more available)

This study claims to be the first systematic discussion of potential risk transfer options for cyber risks. They compare several risk transfer options, including insurance, reinsurance and alternative risk transfer. (more available)

Today’s threat landscape is rapidly evolving, which means it is simply not enough for organizations to roll out an annual security training program and then pat themselves on the back for a job well done. (more available)