This report creates an overall picture of the cybersecurity capabilities of public power utilities. Moreover, it supports the previous year’s findings and provides a consistent approach for supporting DOE’s Multiyear Plan for Energy Sector Cybersecurity. (more available)

The pandemic has changed everything. What strategies are CISOs and other security leaders implementing to ensure their organizations are secure in today’s uncertain environment? (more available)

This report is based on an annual survey of boards of directors and C-suite executives about risks on the horizon for the upcoming year. (more available)

An analysis of cyber claims combined with metaanalysis from other reports, focusing on ransomware. Frequency, loss forms, and suggested controls are discussed. (more available)

An insurance oriented treatment on key trends impacting cyber insurance, based upon meta-analysis from several sources, including Advisen, McKinsey, Sophos and others. (more available)

Every year, enterprises spend millions on security technology and training — only to be caught on the hamster wheel of responding to incidents caused by recurrent human errors. (more available)

Using RiskRecon’s assessment information, explanatory models are built to demonstrate the value of technical information in predicting measures of risk at varying levels of greater technical insight. (more available)

This report looks at the roles and responsibility CISO’s have, highlighting changes over the past 12-18 months.

This report aims to capture the mood and environment of the cybersecurity workforce in the midst of the COVID-19 pandemic. It reveals the impact COVID-19 has had on cybersecurity professionals and teams and the challenges many of them have had to overcome. (more available)

An analysis on the indicators to be derived from detecting Internet of Things (IoT) in organization’s public internet facing profiles.

A deep dive into the nature of the finance sector’s public risk surface. Reviewing subsectors of the finance ecosystem, including supply chains. (more available)

A survey-driven report of over 150 third-party risk practitioners to understand the challenges facing their programs, the actions those professionals are taking to address the challenges, and identify success factors. (more available)

This report is based on a survey of investigators from over 150 organizations. It seeks to better understand financial crime and how companies deal with it. (more available)

The tenth annual survey of risk managers, insurance buyers and other risk professionals. This covers the results of over 400 responses on attitudes and behaviors to cyber insurance and perceptions of risk. (more available)

This report evaluates the state of security in healthcare in 2020, and compares it against 3-years' worth of historical client data. (more available)

A deep dive into the nature of the healthcare sector’s public risk surface. Reviewing subsectors of the healthcare ecosystem, including supply chains. (more available)

A survey of over 1,500 CIOs, CISO, and Chief Procurement Officers on their concerns and actions for supply chain management. This is a US specific version of the main report. (more available)

A survey of over 1,500 CIOs, CISO, and Chief Procurement Officers on their concerns and actions for supply chain management.

A survey of 1,000 insurance professionals and risk managers from 56 countries on their beliefs on the impact of COVID-19 and cyber exposure. (more available)

This report takes a look at the gap between business and cybersecurity, showing how the two have been aligning.

Now in its sixth year, Sonatype’s State of the Software Supply Chain Report continues to examine measurable practices of secure open source software development and delivery. (more available)