This report includes incidents that occurred during 2015-2019. A total of 3,547 claims were analyzed, and data was distilled into over 100 categories. (more available)

We wanted to gain insights into the experience of security teams who are at the helm of their organization’s detection and response operations and uncover more about what they experience each day. (more available)

This free public report from the Cyentia IRIS Risk Retina series clears away the fog of FUD, providing parameters for frequency and loss of publicly discoverable cyberevents in the nonprofit sector. (more available)

This annual report on trends in submitted claims in the cybersecurity insurance space. With particular focus on current trends such as ransomware and company firmographics. (more available)

The 17th edition of the Cost of a Data Breach report. Focuses on survey derived information to determine the cost of data breach incidents. (more available)

The IRIS 20/20 Xtreme is a follow-up to the IRIS 20/20 study earlier this year, this time focusing on the 100 largest cyber incidents of the last five years, totaling $18 billion in reported losses and 10 billion compromised records. (more available)

The 2020 update of this survey-based review of the costs of a data breach, as reported by practitioners in the field. (more available)

The annual report on the composition and findings of security testing as powered by BugCrowd’s bug bounty platform of nearly 3,500 security testers. (more available)

Using breach information from Advisen, this report seeks to fill in missing gaps in the loss frequency and impact side of quantitative risk analysis. (more available)

Ponemon Institute is pleased to present the findings of the 2020 Cost of Insider Threats: Global study. Sponsored by ObserveIT and IBM, this is the third benchmark study conducted to understand the direct and indirect costs that result from insider threats. (more available)

Using survey data from 2,500 security professionals who indicated they have some measure of privacy responsibilities, this report provides analysis on the ROI for privacy efforts, maturity of privacy programs, vendor selection, and other topics. (more available)

Using data from the Verizon DBIR and other sources, this report reviews the value of DNS in overall organizational security.

In 2018, WSJ Pro Cybersecurity partnered with ESI ThoughtLab, a thought leadership and economic research firm, to gather data on how more than 1,300 enterprises were responding to the challenge of managing cyber risk. (more available)

This third Hiscox Cyber Readiness Report provides you with an up-to-the-minute picture of the cyber readiness of organisations, as well as a blueprint for best practice in the fight to counter the ever-evolving cyber threat. (more available)

This report reveals findings around the cybersecurity landscape. To inform this report they surveyed ,3,200 security leaders asking questions in three categories, Set Up - how do you set yourself up for success, Architecture - what is your approach to vender/solution selection, and finally Breach Readiness and Response. (more available)

Law firm Clyde & Co and risk analytics platform Corax have collaborated to bring you a joint white paper identifying the key drivers of frequency and cost for cyber insurance claims. (more available)

The Cisco 2018 Privacy Maturity Benchmark Study was created in conjunction with Cisco’s Annual Cybersecurity Benchmark Study, a double-blind survey completed by more than 3600 security professional in 25 countries and across all major industries. (more available)

The findings from this study provide strong evidence that organizations are benefitting from their privacy investments beyond compliance. Organizations that are ready for GDPR are experiencing shorter delays in their sales cycle related to customers’ data privacy concerns than those that are not ready for GDPR. (more available)

This report provides an international study of senior management attitudes to leadership development and executive education. It also provides insight into cybersecurity related issues. (more available)

This report provides new mindsets and methods for measuring and minimizing business risk.

Since June 2016, the Global Cyber Alliance (GCA) has been working to accelerate adoption of DMARC, an email security standard, by providing a set of easy-to-use tools and campaigns to drive deployment. (more available)