This report summarizes our findings and provides a resource for benchmarking an organization’s approach to risk oversight against current practices. In addition to highlighting key findings for the full sample of 560 respondents, we also separately report many of the key findings for the following subgroups of respondents: 152 large organizations (those with revenues greater than $1 billion), 129 publicly traded companies, 151 financial services entities and 156 not-for-profit organizations. (more available)

The goal of the study was to provide a state-of-the-market on third-party risk with actionable recommendations that organizations can take to grow and mature their programs across every stage of the third-party risk lifecycle. (more available)

Between February and March 2022, Prevalent conducted a study on current trends, challenges and initiatives impacting third-party risk management (TPRM) practitioners worldwide. (more available)

This free public report from the Cyentia IRIS Risk Retina series clears away the fog of FUD, providing parameters for frequency and loss of publicly discoverable cyberevents in the nonprofit sector. (more available)

This report is based on an annual survey of boards of directors and C-suite executives about risks on the horizon for the upcoming year. (more available)

Using RiskRecon’s assessment information, explanatory models are built to demonstrate the value of technical information in predicting measures of risk at varying levels of greater technical insight. (more available)

This report provides the results of the third study the ACFE has done on the fight against fraud in the wake of COVID-19. (more available)

A deep dive into the nature of the finance sector’s public risk surface. Reviewing subsectors of the finance ecosystem, including supply chains. (more available)

This sixth volume of the Prioritization to Prediction series combines vulnerability data from Kenna’s customers with additional intelligence from Fortinet and others. (more available)

A survey-driven report of over 150 third-party risk practitioners to understand the challenges facing their programs, the actions those professionals are taking to address the challenges, and identify success factors. (more available)

The tenth annual survey of risk managers, insurance buyers and other risk professionals. This covers the results of over 400 responses on attitudes and behaviors to cyber insurance and perceptions of risk. (more available)

This report evaluates the state of security in healthcare in 2020, and compares it against 3-years' worth of historical client data. (more available)

A deep dive into the nature of the healthcare sector’s public risk surface. Reviewing subsectors of the healthcare ecosystem, including supply chains. (more available)

Uses survey-based polling to identify common challenges organizations face in managing third part risk management (TPRM) programs. Also provides analysis on some possible ways of addressing these concerns. (more available)

A survey of over 1,000 firms into how cybersecurity leaders organize their programs, where they invest, and which technologies, processes, and analytical tools they use. (more available)

A survey of 166 US health information security professionals. Discusses the prevalence of significant security events (primarily e-mail based), positive advances in healthcare security, the threat of complacency when managing programs, and area where there are control gaps. (more available)

Using breach information from Advisen, this report seeks to fill in missing gaps in the loss frequency and impact side of quantitative risk analysis. (more available)

Q1 2020 was an extremely turbulent time as the world dealt with the spread of COVID-19 and many businesses shifted to a fully remote work environment for the first time. (more available)

The goal of the study was to provide a state-of-the-market on third-party risk with actionable recommendations that organizations can take to grow and mature their programs. (more available)

This report encourages market participants to review their practices, policies and procedures with respect to cybersecurity and operational resiliency. It states that assessing your level of preparedness and implementing some or all of the above measures will make your organization more secure. (more available)

This is a study on third party risk from Gartner. It covers how third party risks are changing, how companies are managing third party risks, and taking an iterative approach to third party risks. (more available)