The third annual Future of Application Security survey reveals how key stakeholders are responding to this challenge. We surveyed 1504 developers, CISOs, and AppSec managers from a broad range of industries across the US, Europe, and Asia-Pacific regions. The responsibility has shifted away from dedicated security teams and is now shared between AppSec managers and developers.

This annual report features the work of 37 sophisticated cybersecurity teams working in partnership to advance 29 open-source projects that improve cyber defense for the whole community. This report captures the energy and passion that Center Participants bring to advancing threat- informed defense for all. Use it as a reference and share it with your teams and colleagues to further change the game on the adversary.

The Workplace Identity Security Trends and Challenges report investigates the identity security landscape and challenges facing organizations today. The research finds that many struggle to build an integrated and comprehensive identity security strategy, relying on disconnected tools and practices that create inefficiencies and leave organizations seriously vulnerable to attacks and breaches.

In this year’s report, 500 U.S.-based ITOps professionals express how automation increases their IT agility –reducing costs and enhancing endpoint management capabilities. The report also reveals that less than half (44%) of organizations have high ITOps agility, with the most agile showing mature uses of AI and workflow automation tools.

As organizations ramp up adoption of AI, edge and multi-cloud infrastructure, they will need broader and deeper visibility into expanding environments. This panoramic view is only possible when all relevant teams and stakeholders are aligned. That’s why organizations should ingrain security into all processes, functions and phases of development. In 2024, collaboration will be essential as resilience becomes non-negotiable. With communication, trust and a commitment to shared strengths, organizations can remain resilient through adversity next year and beyond.

As the findings in this report show, these attacks are also having a greater impact, adding to pressure on security leaders to choose the right solutions and keep the entire environment safe, without sacrificing overall performance or innovation. The 1,200 respondents agreed overwhelmingly on the effectiveness of segmentation in keeping assets protected, but their overall progress in deploying it around critical business applications and assets was lower than expected.

In April 2023, ReversingLabs partnered with Dimensional Research to survey 321 security and IT professionals on their software supply chains for its report, “Software Supply Chain Security Risk Survey.” This analysis presents key findings and actionable recommendations for security organizations in four key areas: traditional applications security shortcomings, software supply chain complexity and security, security in software development and enterprise-wide security risks.

This white paper explores the 5-step process, highlighting our findings across many data sources and rigorous testing of our telemetry pipeline. As we detail our methodology, we’ll also suggest different use cases. The goal is to showcase our journey and equip you with the tools and understanding to optimize your telemetry data.

The 2023 SANS Security Awareness Report analyzes data provided by nearly two-thousand security awareness professionals from around the world to identify and benchmark how organizations are managing their human risk. This data-driven report provides actionable steps and resources to enable organizations at any stage of their Awareness program to mature said programs and benchmark them against others.

Today, a new reality is taking shape, based on Deloitte’s 2023 Global Future of Cyber Survey, which asked hundreds of leaders across industries and across the globe to share their views on cyber threats, enterprise activities, and the future. The survey included C-suite executives across the enterprise, as well as other senior leaders with responsibility for IT, security, and risk. This new reality is grounded by the following findings.

This survey was designed to shed light on current practices, obstacles, and perspectives in vulnerability management. Through understanding how organizations are tackling these challenges, the “2023 State of Vulnerability Management” report offers strategic insights and industry benchmarks.

Our new report examines how the interplay of all these factors will result in increased attacker opportunity. Indeed, as adversaries embrace artificial intelligence (AI) to enhance and scale their identity based attacks, security teams are being asked to do more with less as budget cuts widen existing skills and resource gaps.

For this year’s report, we have incorporated additional data from previous years to provide an enhanced view of the present threat climate. Additionally, given the prevalence of internal compromises over external, we chose to focus the bulk of our analysis on internal attack vectors, and then compared this data to maturity scores.

The global Study on Closing the IT Security Gap: Addressing Cybersecurity Gaps from Edge to Cloud, now in its third year, is sponsored by Hewlett Packard Enterprises (HPE) to look deeply into the critical actions needed to close security gaps and protect valuable data. In this year’s research, Ponemon Institute surveyed 2,084 IT and IT security practitioners in North America, the United Kingdom, Germany, Australia, Japan, and for the first time, France. All participants in this research are knowledgeable about their organizations’ IT security and strategy and are involved in decisions related to the investment in technologies.

CISOs are facing increased challenges in an escalating threat landscape, with email as the primary target for attacks. This white paper breaks down the requirements for modern email security in protecting organizations from advanced and novel threats – moving from historically-trained tools to a behavioral, AI-driven approach.

This year, ClubCISO celebrates the release of its 10th Annual Security Maturity Report, conducted from an anonymous survey of 182 senior executives with responsibility for their organizations’ information security. The report outlines clear trends across the EMEA information security landscape, enabling businesses to benchmark their security investments against peer organizations. The report sheds some light on the current opportunities and challenges of today’s information security leaders.

In this report you’ll gain valuable insights into the current state of cyber resilience, understand the latest threats, trends, and best practices to protect your organization effectively. Discover proactive strategies and technological solutions to bolster your organization’s cyber defenses, mitigating risks and minimizing the financial impact of potential cyber attacks.

Our CEO Report on Cyber Resilience draws on 37 interviews with CEOs of large global enterprises. It explores the role chief executives need to play in successfully managing cybersecurity risks. Our interviews with CEOs reveal that this shift to thinking about cyber resilience requires fundamental changes in approach: how they think about cybersecurity (their mindsets) and how they act (their playbooks).

Within this context, we surveyed over 2,000 cybersecurity decision-makers in 22 countries, working in enterprises with over 500 employees, to understand the current state of business enablement. More precisely, we wanted to identify, with data, the kinds of attributes that have a meaningful impact on business enablement, including alignment, skills, and organizational structures. In this report, you’ll get a picture of the current situation and understand some of the drivers that determine not just cybersecurity posture but also business success.

Executives clearly recognize the danger. Almost three-quarters (74%) of 168 executives recently surveyed by Harvard Business Review Analytic Services regard cyber risk as one of the top-three risks their company faces today, and 67% predict it will be a top three risk two years for now. Only half of respondents, however, say they are successful or very successful at generating insights and enabling informed decisions on cyber risk and at anticipating, preparing for, and responding to future cyber incidents.

This research was conducted to understand the challenges and issues facing businesses in the United States (U.S.) when it comes to escalating cyberattacks. It identifies trends in hacking and malicious attacks, and the financial and repetitional impact breaches had in what has been an unprecedented year. It examines U.S. organizations’ plans for securing new technology, adopting a cloud-first security strategy, and dealing with the complexity of the current cybersecurity management environment.