This report underscores the challenge facing corporate, government and not-for-profit debt issuers: rising cybersecurity incidents, higher costs to combat them, and an imbalance in the executive and risk management experience needed to manage them properly. (more available)

The 2021 Identity and Access Management Report reveals the increasing importance of managing access as part of an organization’s overall risk management and security posture in the new normal of hybrid work locations. (more available)

The 2022 Vulnerability Management Report is based on a comprehensive survey of over 390 cybersecurity professionals in September 2022 to gain insights into the latest trends, key challenges and solutions preferences for vulnerability management. (more available)

The goal of this report is to offer a view on the state of compliance in today’s typical organization, including: the rate of noncompliance among a typical organization’s assets, the compliance standards that are hardest for organizations to adhere to, how well compliance tracks against the overall risk surface and the most common security controls causing non-compliance. (more available)

This report summarizes our findings and provides a resource for benchmarking an organization’s approach to risk oversight against current practices. In addition to highlighting key findings for the full sample of 560 respondents, we also separately report many of the key findings for the following subgroups of respondents: 152 large organizations (those with revenues greater than $1 billion), 129 publicly traded companies, 151 financial services entities and 156 not-for-profit organizations. (more available)

This study offers the kind of insights CISOs have long been asking for - to benchmark their situation and experience against others; to learn from what their peers are doing and planning to do ; and to validate ideas and obtain solid data to justify investments in these areas. (more available)

The goal of the study was to provide a state-of-the-market on third-party risk with actionable recommendations that organizations can take to grow and mature their programs across every stage of the third-party risk lifecycle. (more available)

Between February and March 2022, Prevalent conducted a study on current trends, challenges and initiatives impacting third-party risk management (TPRM) practitioners worldwide. (more available)

This report creates an overall picture of the cybersecurity capabilities of public power utilities. Moreover, it supports the previous year’s findings and provides a consistent approach for supporting DOE’s Multiyear Plan for Energy Sector Cybersecurity. (more available)

The pandemic has changed everything. What strategies are CISOs and other security leaders implementing to ensure their organizations are secure in today’s uncertain environment? (more available)

This report is based on an annual survey of boards of directors and C-suite executives about risks on the horizon for the upcoming year. (more available)

An analysis of cyber claims combined with metaanalysis from other reports, focusing on ransomware. Frequency, loss forms, and suggested controls are discussed. (more available)

An insurance oriented treatment on key trends impacting cyber insurance, based upon meta-analysis from several sources, including Advisen, McKinsey, Sophos and others. (more available)

Every year, enterprises spend millions on security technology and training — only to be caught on the hamster wheel of responding to incidents caused by recurrent human errors. (more available)

Using RiskRecon’s assessment information, explanatory models are built to demonstrate the value of technical information in predicting measures of risk at varying levels of greater technical insight. (more available)

This report looks at the roles and responsibility CISO’s have, highlighting changes over the past 12-18 months.

This report aims to capture the mood and environment of the cybersecurity workforce in the midst of the COVID-19 pandemic. It reveals the impact COVID-19 has had on cybersecurity professionals and teams and the challenges many of them have had to overcome. (more available)

An analysis on the indicators to be derived from detecting Internet of Things (IoT) in organization’s public internet facing profiles.

A deep dive into the nature of the finance sector’s public risk surface. Reviewing subsectors of the finance ecosystem, including supply chains. (more available)

A survey-driven report of over 150 third-party risk practitioners to understand the challenges facing their programs, the actions those professionals are taking to address the challenges, and identify success factors. (more available)

This report is based on a survey of investigators from over 150 organizations. It seeks to better understand financial crime and how companies deal with it. (more available)