This report is based on the summary statistical analysis of over 10,000 cyber claims for incidents that occurred during the five-year period 2019–2023. We see enormous variances in the magnitude of loss data. The smallest claims were less than $1,000; the largest were over $500M. The numbers of records exposed ranged from 1 to over 140M.

ThreatLabz found that ransomware attacks increased by 17.8% year-overyear based on blocked attempts in the Zscaler cloud, while ransomware attacks identified through data leak site analysis surged by 57.8%. The findings presented in this report underscore the need for organizations to prioritize protection against the relentless tide of ransomware. The insights and strategies in the report serve as a crucial guide for improving your ransomware defenses.

This year’s research shows that, while most businesses have a ransomware strategy in place, many are incomplete. They’re either missing a documented plan or the right people to execute it. As a result, we see that many organizations are paying the ransom. Likewise, whilst many have cyber insurance, too many simply don’t know if or to what degree it covers them for ransomware attacks.

The report is based on the findings of an independent, vendor-agnostic survey commissioned by Sophos of 5,000 IT/cybersecurity leaders across 14 countries in the Americas, EMEA, and Asia Pacific. The research reveals that investing in cyber defenses to optimize your insurance position is a double win: organizations report both easier and cheaper access to coverage as well as wider benefits such as improved protection, fewer alerts, and freeing up IT time. This finding further emphasizes the importance of considering cyber risk investments holistically, rather than as individual components.

This report delves into the depths of cyber risk management, unearthing the critical coverage gaps that threaten organizational stability in the wake of cyberattacks. In an era where digital threats loom larger than ever, businesses are increasingly turning to cyber insurance as a safeguard against the financial ravages of data breaches. Yet CYE’s study leveraging external and internal datasets reveals a stark reality: the protection afforded by such insurance may fall significantly short of the actual costs incurred during cyber incidents.

The Professional Services sector includes a broad array of organizations. Although there are no strict criteria for considering a company to be in this sector, there is general agreement that inclusion requires specialized training and experience, and, in many cases, qualification by exam and licensing managed by either national or state authorities. Using our 5-year dataset, we have analyzed 1,500 Professional Services claims dated 2017 through 2021. Professional Services sector incidents account for 20% of all claims in the dataset.

This report is based on the summary statistical analysis of over 9,000 cyber claims for incidents that occurred during the five-year period 2018–2022. By comparison, the third Cyber Claims Study, published in 2013, analyzed fewer than 150 cyber insurance claims.

The findings in this 2023 cybersecurity skills gap report clearly show that organizations are fighting an uphill battle against cyberthreat— incurring more breaches, in need of skilled professionals, and continuing to struggle to fill key positions.

This report offers IT, risk management and security leaders a lens into factors that can increase or help mitigate the rising cost of data breaches. This report also examines root causes, short-term and long-term consequences of data breaches, and the mitigating factors and technologies that allow companies to limit losses.

This study leverages a vast dataset spanning over 77,000 cyber events experienced by 35,000 organizations over the last decade. This dataset is drawn from Advisen’s Cyber Loss Data, which contains over 138,000 cyber events collected from publicly verifiable sources.

This report includes incidents that occurred during 2015-2019. A total of 3,547 claims were analyzed, and data was distilled into over 100 categories. To compare, the fifth Cyber Claims Study, published in 2015, analyzed 207 cyber insurance claims. While many of the categories over the last five years have remained the same, the data has changed, sometimes dramatically.

We wanted to gain insights into the experience of security teams who are at the helm of their organization’s detection and response operations and uncover more about what they experience each day. We surveyed over 400 security engineers and analysts to understand the current state of detection and response.

This free public report from the Cyentia IRIS Risk Retina series clears away the fog of FUD, providing parameters for frequency and loss of publicly discoverable cyberevents in the nonprofit sector.

This annual report on trends in submitted claims in the cybersecurity insurance space. With particular focus on current trends such as ransomware and company firmographics.

The 17th edition of the Cost of a Data Breach report. Focuses on survey derived information to determine the cost of data breach incidents.

The IRIS 20/20 Xtreme is a follow-up to the IRIS 20/20 study earlier this year, this time focusing on the 100 largest cyber incidents of the last five years, totaling $18 billion in reported losses and 10 billion compromised records. This report breaks down the costs, categorizes incident types, identifies the actors behind these events and the actions they employed, and improves understanding of how these events impacted the organizations involved.

The 2020 update of this survey-based review of the costs of a data breach, as reported by practitioners in the field.

The annual report on the composition and findings of security testing as powered by BugCrowd’s bug bounty platform of nearly 3,500 security testers.

Using breach information from Advisen, this report seeks to fill in missing gaps in the loss frequency and impact side of quantitative risk analysis. Using real world reported data on publicly-discoverable breaches, commonly held myths of cost per record estimates are debunked and replacement hard statistics are given to replace incorrect estimates.

Ponemon Institute is pleased to present the findings of the 2020 Cost of Insider Threats: Global study. Sponsored by ObserveIT and IBM, this is the third benchmark study conducted to understand the direct and indirect costs that result from insider threats.

Using survey data from 2,500 security professionals who indicated they have some measure of privacy responsibilities, this report provides analysis on the ROI for privacy efforts, maturity of privacy programs, vendor selection, and other topics.