For this survey, we surveyed 426 security professionals directly responsible for managing cyber vulnerabilities in their day-to-day work. The survey was conducted online via Pollfish using organic sampling. (more available)

This report is based on comprehensive survey of 578 cybersecurity professionals to reveal how AWS user organizations are responding to evolving cloud security threats, and what tools and best practices cybersecurity leaders prioritize as their cloud infrastructures mature. (more available)

This report offers IT, risk management and security leaders a lens into factors that can increase or help mitigate the rising cost of data breaches. (more available)

This report dives into major security challenges, while also providing guidance for how enterprises can close the gap between what attackers see and what defenders think they’re protecting. (more available)

This study leverages a vast dataset spanning over 77,000 cyber events experienced by 35,000 organizations over the last decade. This dataset is drawn from Advisen’s Cyber Loss Data, which contains over 138,000 cyber events collected from publicly verifiable sources. (more available)

This report summarizes our findings and provides a resource for benchmarking an organization’s approach to risk oversight against current practices. In addition to highlighting key findings for the full sample of 560 respondents, we also separately report many of the key findings for the following subgroups of respondents: 152 large organizations (those with revenues greater than $1 billion), 129 publicly traded companies, 151 financial services entities and 156 not-for-profit organizations. (more available)

The goal of the study was to provide a state-of-the-market on third-party risk with actionable recommendations that organizations can take to grow and mature their programs across every stage of the third-party risk lifecycle. (more available)

Between February and March 2022, Prevalent conducted a study on current trends, challenges and initiatives impacting third-party risk management (TPRM) practitioners worldwide. (more available)

This free public report from the Cyentia IRIS Risk Retina series clears away the fog of FUD, providing parameters for frequency and loss of publicly discoverable cyberevents in the nonprofit sector. (more available)

This report is based on an annual survey of boards of directors and C-suite executives about risks on the horizon for the upcoming year. (more available)

Using RiskRecon’s assessment information, explanatory models are built to demonstrate the value of technical information in predicting measures of risk at varying levels of greater technical insight. (more available)

This report provides the results of the third study the ACFE has done on the fight against fraud in the wake of COVID-19. (more available)

A deep dive into the nature of the finance sector’s public risk surface. Reviewing subsectors of the finance ecosystem, including supply chains. (more available)

This sixth volume of the Prioritization to Prediction series combines vulnerability data from Kenna’s customers with additional intelligence from Fortinet and others. (more available)

A survey-driven report of over 150 third-party risk practitioners to understand the challenges facing their programs, the actions those professionals are taking to address the challenges, and identify success factors. (more available)

The tenth annual survey of risk managers, insurance buyers and other risk professionals. This covers the results of over 400 responses on attitudes and behaviors to cyber insurance and perceptions of risk. (more available)

This report evaluates the state of security in healthcare in 2020, and compares it against 3-years' worth of historical client data. (more available)

A deep dive into the nature of the healthcare sector’s public risk surface. Reviewing subsectors of the healthcare ecosystem, including supply chains. (more available)

Uses survey-based polling to identify common challenges organizations face in managing third part risk management (TPRM) programs. Also provides analysis on some possible ways of addressing these concerns. (more available)

A survey of over 1,000 firms into how cybersecurity leaders organize their programs, where they invest, and which technologies, processes, and analytical tools they use. (more available)

A survey of 166 US health information security professionals. Discusses the prevalence of significant security events (primarily e-mail based), positive advances in healthcare security, the threat of complacency when managing programs, and area where there are control gaps. (more available)