This sixth volume of the Prioritization to Prediction series combines vulnerability data from Kenna’s customers with additional intelligence from Fortinet and others. This volume provides a quantitative analysis of the timeline of key dates in the lifecycle of an exploited vulnerability, exploring the effects of releasing exploit code relative to the date of CVE publication and patch availability, discussing the ramifications to attackers and defenders.

A survey-driven report of over 150 third-party risk practitioners to understand the challenges facing their programs, the actions those professionals are taking to address the challenges, and identify success factors.

The tenth annual survey of risk managers, insurance buyers and other risk professionals. This covers the results of over 400 responses on attitudes and behaviors to cyber insurance and perceptions of risk.

This report evaluates the state of security in healthcare in 2020, and compares it against 3-years’ worth of historical client data.

A deep dive into the nature of the healthcare sector’s public risk surface. Reviewing subsectors of the healthcare ecosystem, including supply chains.

Uses survey-based polling to identify common challenges organizations face in managing third part risk management (TPRM) programs. Also provides analysis on some possible ways of addressing these concerns.

A survey of over 1,000 firms into how cybersecurity leaders organize their programs, where they invest, and which technologies, processes, and analytical tools they use. A goal of focusing on guidng readers to optimize the use of cybersecurity resources.

A survey of 166 US health information security professionals. Discusses the prevalence of significant security events (primarily e-mail based), positive advances in healthcare security, the threat of complacency when managing programs, and area where there are control gaps.

Using breach information from Advisen, this report seeks to fill in missing gaps in the loss frequency and impact side of quantitative risk analysis. Using real world reported data on publicly-discoverable breaches, commonly held myths of cost per record estimates are debunked and replacement hard statistics are given to replace incorrect estimates.

Q1 2020 was an extremely turbulent time as the world dealt with the spread of COVID-19 and many businesses shifted to a fully remote work environment for the first time. The Threat Stack Security Operations Center has had a first-hand look at the impact this has had on Threat Stack customers through our regular work investigating suspicious behavior, triaging alerts, and providing recommendations on how to proactively reduce risk and remediate incidents.

The goal of the study was to provide a state-of-the-market on third-party risk with actionable recommendations that organizations can take to grow and mature their programs.

This report encourages market participants to review their practices, policies and procedures with respect to cybersecurity and operational resiliency. It states that assessing your level of preparedness and implementing some or all of the above measures will make your organization more secure. OCIE will continue to focus on working with organizations to identify and address cybersecurity risks and encourages market participants to actively engage regulators and law enforcement in this effort.

This is a study on third party risk from Gartner. It covers how third party risks are changing, how companies are managing third party risks, and taking an iterative approach to third party risks.

The 2019 Survey of 211 participants covers Overall risk security, Risk Management, and also covers what job titles are involved, and what industries are involved.

This report goes in depth into the state of Internet security, including how companies are storing data, orgation’s internet surface areas, and where exposures exist the most.

This study was designed to examine the growing concern of cyber risks and the importance of cyber assessment during mergers and acquisitions (M&A) and determine how well companies are prepared to deal with cyber risk during M&A from the perspective of IT Decision Makers (ITDMs) and Business Decision Makers (BDMs). Are key decision makers concerned about cyber during an acquisition? What factors are considered as part of the due diligence and evaluation process before, during and after acquisition? Do cyber incidents lead to delays in acquisition? What does cyber risk mean for companies looking to acquire? How can they best protect themselves during this important process to minimize risk and protect their companies? This report explores these questions and others, and provides recommendations for effectively managing cybersecurity risks during an acquisition.

Aon is supporting its global clients to respond to political risks and security challenges by using the analysis derived from the maps to inform the creation of a more robust risk management programme. We hope this year’s maps provide you with the insights that you need to better protect your business, and should you need to discuss any aspects of your insurance coverage – or how these risks affect your exposure – please contact the team.

Every organization, industry and economy around the world is confronting more risks than ever before. Considering this backdrop, it’s troubling that many organizations report that they may be less prepared than they have ever been. A key insight from Aon’s 2019 Global Risk Management Survey is that organizations need to be more prepared for the broad range of risks that threaten their ability to continue growing, protecting their brand and serving clients and stakeholders.

The essays in this eBook provide a wealth of information and present an inside look at an aspect of cybersecurity that is still not well understood. I am certain that anyone responsible for critical industrial operations will benefit from the advice and experiences of those who have contributed to this eBook.

This document recommends best practices for endpoint security in industrial applications under the broader scope of industrial internet security.

This paper offers insight and direction to election officials seeking to assess the security of their entire election ecosystem.