More than 4,700 executives were surveyed in March and April of 2021 in order to understand the extent to which organizations prioritize security, how comprehensive their security plans are, and how their security investments are performing.

Endpoint security is the last line of defense. Now more than ever, effective endpoint protection is essential to the success of any cybersecurity program. The good news? A powerful endpoint security solution can help you avoid major incidents while setting you up for success across other business areas.

Do exploit code releases help or harm defenders? We decided to put this hotly contested debate to the test. The seventh volume of the Prioritization to Prediction series produced in conjunction with the Cyentia Institute attacks this debate from all angles. Poring over Kenna Security’s own threat and vulnerability intelligence, anonymized platform data, and Fortinet exploitation data, we analyzed over 6 billion vulnerabilities affecting 13 million active assets across nearly 500 organizations.

What makes for successful cybersecurity? Is there evidence that security investments result in measurable outcomes? How do we know what actually works and what doesn’t? These are the types of burning questions guiding Cisco’s 2021 Security Outcomes Study, which pulls together the experiences of over 4,800 IT, security, and privacy professionals around the world. This document is an offshoot of the larger study that focuses on small and midsize businesses (SMBs). Discover how SMBs compare to larger enterprises when it comes to security, and what key factors contributed to successful security planning in companies like yours.

This report looks at the roles and responsibility CISO’s have, highlighting changes over the past 12-18 months.

Based on a survey of over 4,800, this report reviews the practices that lead to positive outcomes for security programs. Linking together practices that are more (or less) successful to the characteristics of positive outcomes, this report aims to give guidance for where practitioners can focus their efforts to achieve similar outcomes.

The 2020 edition of this annual report uses results of software scan patterns and results across thousands of global customers. A focus for this edition is the effects of nature (the corporate environment of applications) vs. nurture (the behaviors developers take) and the relative effect each has on application security.

This report attempts to understand the theory and practice of web application security in organizations worldwide.

This study captures and analyzes a large set of information about phishing attacks, in order to better understand how much phishing is taking place, where it is taking place, and to see if the data suggests better ways to fight phishing.

An extension of the Prioritization to Prediction series, this report uses a sample of over 40 manufacturing sector firms to better understand the means and metrics of vulnerability management with the sector.

An extension of the Prioritization to Prediction series, this report uses a sample of approximately 30 healthcare sector firms to better understand the means and metrics of vulnerability management with the sector.

An extension of the Prioritization to Prediction series, this report uses a sample of approximately 100 finance sector firms to better understand the means and metrics of vulnerability management with the sector.

An extension of the Prioritization to Prediction series, this report uses a sample of approximately 70 technology services to better understand the means and metrics of vulnerability management with the sector.

This study examines trends in application development security. It looks as the extent to which security teams understand modern development practices, what influences application security investments, and the dynamic between development teams and cybersecurity teams.

A survey of 416 security and 425 business executives, combined with telephone interviews of five business and security executives to explore the strategies and practices and medium and large enterprises. Covers board level visibility, explaining the company’s risk posture, risk management, and the role of cybersecurity in business strategy.

A survey driven review of 25 indicators via 157 questions spanning 193 respondents. This attempts to focus on factors influencing cybersecurity strategy design and implementation on a year-over-year basis.

A survey driven review of 25 indicators via 50 questions spanning nearly 160 respondents. This attempts to focus on factors influencing cybersecurity strategy design and implementation on a year-over-year basis.

This report focuses on an analysis of security controls effectiveness across the multiple stages of attack lifecycles within 11 global industries. To gather data, our experts executed thousands of tests comprised of real attacks, specific malicious behaviors, and actor-attributed techniques and tactics. The report data provides measured evidence of leading enterprise production environments across network, email, endpoint and cloud-based security controls.

This report explains the findings of a study the did, showing that seeking the exact technology to solve your newest, most pressing security concern may actually be multiplying security gaps that slow you down instead of simplifying your security environment.

A survey of 450 individuals on cybersecurity spending plans, areas of investment, and workforce requirements.

A survey of 400 public sector IT decision makers and influencers to determine challenges faced by public sector IT professionals, security threats, and cybersecurity capabilities.