This report represents organizations that are proactively integrating tools like Veracode into their AppSec programs. Organizations without scanning integrated into their development processes will likely have a higher prevalence of security flaws than shown here. The results do show a steady downward trend over the last eight years. We’re particularly encouraged to see that the prevalence of high-severity flaws has dropped to half of what it was back in 2016.

Trellix surveyed and interviewed 525 security leaders from around the world. Partnering with Vanson Bourne, we talked to CISOs in 9 countries who work at organizations that range from 1,000 to more than 10,000 employees. We spoke with CISOs who oversee SOC teams in a range of industries, including public sector, healthcare, and financial services.

This paper seeks to introduce some of the new knowledge sources and actionable data, along with a data-driven approach that puts custom cyber intelligence at the center of the process seeking to deliver the tools to help the organization stay as close to the front of the race as possible.

This 2023 Cloud Security Report surveyed 752 cybersecurity professionals to reveal key challenges and priorities. In 2023, the cloud is fundamentally delivering on its promised business outcomes, including flexible capacity and scalability, increased agility, improved availability, and accelerated deployment and provisioning.

This report offers an in-depth examination of the underlying condition that enables such incidents to take place-the widespread interdependence of modern digital supply chains. We analyzed data from over 230,000 organizations to investigate the prevalence of security incidents among third parties. We then measure the extent of vendor relationships and explore the effects of that exposure. Finally, we compare the security posture of organizations to that of their third and fourth-parties to yield data-driven insights on how to identify risky vendors and better manage exposure.

The 2021 Cloud Security Report reveals how organizations are responding to security threats in the cloud, and which tools and best practices IT cybersecurity leaders are prioritizing in their move to the cloud. Cloud security concerns remain high as the adoption of public cloud computing continues to surge in the wake of the pandemic and the resulting massive shift to remote work.

The 2021 AWS Cloud Security Report is to uncover how AWS user organizations are responding to new security threats in the cloud, and what tools and best practices cybersecurity leaders are prioritizing in their move to the cloud. This year’s survey saw some significant changes in how organizations manage remediation of security and compliance issues with system owners.

This report is based on comprehensive survey of 578 cybersecurity professionals to reveal how AWS user organizations are responding to evolving cloud security threats, and what tools and best practices cybersecurity leaders prioritize as their cloud infrastructures mature.

This report summarizes our findings and provides a resource for benchmarking an organization’s approach to risk oversight against current practices. In addition to highlighting key findings for the full sample of 560 respondents, we also separately report many of the key findings for the following subgroups of respondents: 152 large organizations (those with revenues greater than $1 billion), 129 publicly traded companies, 151 financial services entities and 156 not-for-profit organizations.

The 2022 Cloud Security Report is based on a comprehensive survey of 775 cybersecurity professionals conducted in January 2022, to uncover how cloud user organizations are responding to security threats in the cloud, and what training, certifications, and best practices IT cybersecurity leaders are prioritizing in their move to the cloud. The respondents range from technical executives to IT security practitioners, representing a balanced cross-section of organizations of varying sizes across multiple industries.

When it comes to security, there is a paradox. Security can enable businesses to scale and grow, but confusion around security and overly rigid practices can introduce unnecessary red tape. Our survey reveals that startups struggle to find the balance between managing risks and prioritizing security.

This 2022 Cloud Security Report, based on a comprehensive global survey of cybersecurity professionals, reveal these security challenges and offers insights on the state of the cloud and cloud security today. The study reviews organizations’ choices and responses as they try to gain more confidence in securing their cloud environments.

This report creates an overall picture of the cybersecurity capabilities of public power utilities. Moreover, it supports the previous year’s findings and provides a consistent approach for supporting DOE’s Multiyear Plan for Energy Sector Cybersecurity.

Based on a survey of over 4,800, this report reviews the practices that lead to positive outcomes for security programs. Linking together practices that are more (or less) successful to the characteristics of positive outcomes, this report aims to give guidance for where practitioners can focus their efforts to achieve similar outcomes.

A survey driven review of 25 indicators via 157 questions spanning 193 respondents. This attempts to focus on factors influencing cybersecurity strategy design and implementation on a year-over-year basis.

This report provides Advanced Cyber Security Center executives weighing in on the Board’s role as a strategic partner to management in balancing digital transformations and cybersecurity risks.

This very thorough report offers insight into the future of the Mobile trends of 2019.

From the Report, “When you are faced with multiple risks and regulatory requirements, as well as constantly-changing industry trends, how do you connect the dots? How do you bring all this information together in a way that is meaningful to your organization? MetricStream Research offers you a range of cutting-edge GRC research reports, insights, and analyses that empower you to make informed and effective decisions on your GRC Journey®. Through primary and secondary research, we analyze the latest GRC trends and developments, and transform this data into the intelligence you need to drive exceptional performance.”

From the report, “Much like DevOps itself, pervasive automation is equal parts process, tooling, and culture. Taking the journey represents a collective commitment by the entire organization, one where the goal is realizing the competitive advantage offered by software automation. Leadership builds the strategy, managers plan how to get there, and then it’s up to the teams to sustain an ongoing effort. New challenges will arise as new technologies are released: cloud services, containers, and server-less computing for example. Automating processes to adapt to tomorrow’s technology means staying on the path toward pervasive automation. Then, deliver the business value and agility it promises. While it’s impossible to get to an “absolutely” automated state, this journey keeps you as close as possible by continuously leveraging the latest DevOps and automation practices across your organization.”

In our 24-criterion evaluation of the emerging managed security services providers (MSSPs) market, we identified the 10 most significant providers, and researched, analyzed, and scored them. This report shows how each provider measures up to help security leaders make the right choice.

“In last year’s report, we sought to break down walls of misunderstanding between cybersecurity leaders and corporate directors. We continue chipping away at those walls this year, but expand the scope of our research to include a broader set of stakeholders and topics relevant to our increasingly important goal.”