An extension of the Prioritization to Prediction series, this report uses a sample of approximately 100 finance sector firms to better understand the means and metrics of vulnerability management with the sector. (more available)

An extension of the Prioritization to Prediction series, this report uses a sample of approximately 70 technology services to better understand the means and metrics of vulnerability management with the sector. (more available)

This study examines trends in application development security. It looks as the extent to which security teams understand modern development practices, what influences application security investments, and the dynamic between development teams and cybersecurity teams. (more available)

This report takes a look at the gap between business and cybersecurity, showing how the two have been aligning.

Using RiskRecon’s telemetry of the public risk surface of thousands of organizations, this report takes a look at services which are commonly viewed as unsafe. (more available)

A survey-baed report of 1,848 IT and IT Security professionals on the challenges with vulnerability prioritization and the importance of patch management for the prevention of breaches. (more available)

A survey of 416 security and 425 business executives, combined with telephone interviews of five business and security executives to explore the strategies and practices and medium and large enterprises. (more available)

A review of community members opinions on their prioritization for identity access management systems, the challenges implementing these solutions, and the desired capabilities when selecting IAM technologies. (more available)

Covers the long tail of vulnerability patching, whereby vulnerabilities that are not fixed soon after detection can linger for months or more before being addressed. (more available)

Automation and integration is often hailed as a great enabler for the future. This survey identified how respondents are adopting systems, where their systems currently stand and what is on the planning horizon. (more available)

Ponemon Institute is pleased to present the findings of the second study on vulnerabilityand patch management. As shown inthis research, the severity and volume ofcyberattacks is increasing. (more available)

The 2019 Survey of 211 participants covers Overall risk security, Risk Management, and also covers what job titles are involved, and what industries are involved. (more available)

From the report, “The challenges facing security teams are, perhaps unfortunately, common knowledge by now. A constant rise in alert volume, a stark security skills gap, piecemeal processes, and siloed tools have made security operations a tough place to be. (more available)

This research was commissioned by Kenna Security. Kenna collected and provided the remediation dataset to the Cyentia Institute for independent analysis and drafting of this report. (more available)

This is a summary of vulnerability trends observed and investigated by the eSentire Security Operations Center (SOC) in 1H 2019.

This key findings’ report contains a synopsis of trends on how health systems are scaling innovation and a look-ahead at what the innovation perspectives and strategies of today may mean for the health systems tomorrow. (more available)

This technical whitepaper explains the challenges cybersecurity professionals face, how they’re prioritizing vulnerabilities today and how they can dramatically improve cyber risk management with Predictive Prioritization – the process of re-prioritizing vulnerabilities based on the probability that they will be leveraged in an attack. (more available)

This Spotlight report provides in-depth analysis of vulnerabilities and weaponization patterns across the entire family of Adobe products. By focusing on weaponization, we go beyond simply counting vulnerabilities, and instead reveal how popular software from a leading vendor becomes a beacon for attackers. (more available)

Automation balances machine-based analysis with human-based domain knowledge to help organizations achieve optimal workflows in the face of staff shortages and alert fatigue, all caused by an increasing number of destructive threats. (more available)

CyberGRX and Ponemon Institute surveyed over 600 IT security professionals to learn more about the cost and efficacy of the tools and processes used to conduct third-party cyber risk management today. (more available)

From the report, ““Realized coverage & efficiency vary greatly among firms—over 50% between top and bottom performers—indicating different remediation strategies lead to very different outcomes. (more available)