A deep dive into the nature of the finance sector’s public risk surface. Reviewing subsectors of the finance ecosystem, including supply chains. (more available)

A survey-driven report of over 150 third-party risk practitioners to understand the challenges facing their programs, the actions those professionals are taking to address the challenges, and identify success factors. (more available)

This report is based on a survey of investigators from over 150 organizations. It seeks to better understand financial crime and how companies deal with it. (more available)

The tenth annual survey of risk managers, insurance buyers and other risk professionals. This covers the results of over 400 responses on attitudes and behaviors to cyber insurance and perceptions of risk. (more available)

This report evaluates the state of security in healthcare in 2020, and compares it against 3-years’ worth of historical client data. (more available)

A deep dive into the nature of the healthcare sector’s public risk surface. Reviewing subsectors of the healthcare ecosystem, including supply chains. (more available)

A survey of over 1,500 CIOs, CISO, and Chief Procurement Officers on their concerns and actions for supply chain management. This is a US specific version of the main report. (more available)

A survey of over 1,500 CIOs, CISO, and Chief Procurement Officers on their concerns and actions for supply chain management.

A survey of 1,000 insurance professionals and risk managers from 56 countries on their beliefs on the impact of COVID-19 and cyber exposure. (more available)

This report takes a look at the gap between business and cybersecurity, showing how the two have been aligning.

Now in its sixth year, Sonatype’s State of the Software Supply Chain Report continues to examine measurable practices of secure open source software development and delivery. (more available)

A survey of 416 security and 425 business executives, combined with telephone interviews of five business and security executives to explore the strategies and practices and medium and large enterprises. (more available)

A review of community members opinions on their prioritization for identity access management systems, the challenges implementing these solutions, and the desired capabilities when selecting IAM technologies. (more available)

A deep dive into the state of deploying the latest TLS version (v1.2) and the use of this signal for correlating with broader public-facing risk surfaces and characteristics of firms. (more available)

Uses survey-based polling to identify common challenges organizations face in managing third part risk management (TPRM) programs. Also provides analysis on some possible ways of addressing these concerns. (more available)

A survey of over 1,000 firms into how cybersecurity leaders organize their programs, where they invest, and which technologies, processes, and analytical tools they use. (more available)

Using breach information from Advisen, this report seeks to fill in missing gaps in the loss frequency and impact side of quantitative risk analysis. (more available)

Using breach data from Advisen, this report defines ripple effects of breaches as the impacts on companies more than one degree of separation from the company directly affected by the breach. (more available)

A special edition of the Veracode SOSS series, focusing on the vulnerabilities present in open source software libraries and the surrounding ecosystem. (more available)

This report seeks to provide actionable insight and practical advice to help organizations increase talent-gap resilience and avoid being left behind as the industry evolves. (more available)

The goal of the study was to provide a state-of-the-market on third-party risk with actionable recommendations that organizations can take to grow and mature their programs. (more available)