The 2021 SOAR Report is based on a comprehensive survey of cybersecurity professionals to uncover the latest trends, use cases, and benefits of SOAR solutions. (more available)

The 2021 zero trust report reveals how enterprises are implementing zero trust security in their organizations, including key drivers, adaption trends, technologies, investments, and benefits. (more available)

This report reveals that the expanded use of applications for business-critical applications, combined with the increased pace of application changes that come with DevOps methodologies, has created security challenges for organizations. (more available)

The 2022 State of Security Posture Report reveals that cybersecurity teams are struggling to measure and improve their security posture as their organizations move to the cloud and as their leadership increasingly expects them to measure cyber risk in monetary terms due to the rise of ransomware and the general impact of cyber attacks to business. (more available)

The 2022 Vulnerability Management Report is based on a comprehensive survey of over 390 cybersecurity professionals in September 2022 to gain insights into the latest trends, key challenges and solutions preferences for vulnerability management. (more available)

This report surveyed 278 cybersecurity professionals to reveal the key challenges regarding security visibility, how organizations solve this issue, and the security capabilities organizations prioritize. (more available)

The 2022 State of Security Posture Report reveals that cybersecurity teams are struggling to measure and improve their security posture as their organizations move to the cloud and as their leadership increasingly expects them to measure cyber risk in monetary terms due to the rise of ransomware and the general impact of cyber attacks to business. (more available)

This report dives into major security challenges, while also providing guidance for how enterprises can close the gap between what attackers see and what defenders think they’re protecting. (more available)

The 2022 Cloud Security Report is based on a comprehensive survey of 775 cybersecurity professionals conducted in January 2022, to uncover how cloud user organizations are responding to security threats in the cloud, and what training, certifications, and best practices IT cybersecurity leaders are prioritizing in their move to the cloud. (more available)

The 2022 SIEM Report is based on a survey of 348 cybersecurity professionals and represents one of the industry’s most comprehensive annual studies on SIEM, exploring the latest trends, key challenges, and solution preferences in this market. (more available)

The information included in this report is summary data from the pentesting performed in 2018. Additionally, we provide survey data from respondents in security, management, operations, DevOps, product, and developer roles. (more available)

This report reveals the challenges we face as a security industry and points towards a balanced path of expertise and automation to guide our work. (more available)

CISOs aren’t alone in recognizing the need for new threat detection and response strategies. In fact, security technology providers are championing a new technology initiative dubbed eXtended Detection and Response (XDR). (more available)

We do two very important and timely things in this report. We first explore ways to measure exploitability for individual vulnerabilities—and far more importantly—entire organizations. (more available)

An extension of the Prioritization to Prediction series, this report uses a sample of over 40 manufacturing sector firms to better understand the means and metrics of vulnerability management with the sector. (more available)

An extension of the Prioritization to Prediction series, this report uses a sample of approximately 30 healthcare sector firms to better understand the means and metrics of vulnerability management with the sector. (more available)

An extension of the Prioritization to Prediction series, this report uses a sample of approximately 100 finance sector firms to better understand the means and metrics of vulnerability management with the sector. (more available)

An extension of the Prioritization to Prediction series, this report uses a sample of approximately 70 technology services to better understand the means and metrics of vulnerability management with the sector. (more available)

This study examines trends in application development security. It looks as the extent to which security teams understand modern development practices, what influences application security investments, and the dynamic between development teams and cybersecurity teams. (more available)

This report takes a look at the gap between business and cybersecurity, showing how the two have been aligning.

Using RiskRecon’s telemetry of the public risk surface of thousands of organizations, this report takes a look at services which are commonly viewed as unsafe. (more available)