The Crypto Maturity Journey outlines considerations for cryptocurrency product rollout, enabling FIs to evaluate market opportunities while simultaneously addressing regulatory and compliance requirements. Over the last few years, cryptocurrency has become a mainstream asset class, with institutional investments as one factor in boosting adoption around the world. Institutions such as BlackRock, Fidelity, and Grayscale have launched Bitcoin and Ethereum ETPs, providing a more accessible avenue for retail and institutional investors to gain exposure to these digital assets.

Our goal at Black Kite is to make sure you gain awareness of what is most relevant in the threat landscape going into the new year. The focus remains on understanding emerging vulnerabilities seized by cybercriminals, as well as target industries falling victim to breaches, stemming from a lack of due diligence. We studied why certain industry sectors faced higher susceptibility to an attack, as well as the most vulnerable vendors to the initial breach themselves.

This report Risk Decisions 360 Emerging Risks That Can Impede Sustainable Company Growth, is the result of extensive research and insights aimed at empowering businesses to make informed decisions in the face of new and evolving risks. We examine critical areas that pose significant potential threats to growth, including cybersecurity, technological advancements, financial volatility and operational disruptions, among others – as well as delve into how business executives and owners view the skills and investment required, and the effectiveness of insurance, in mitigating these risks.

The Global Cybersecurity Outlook 2025 report includes a deeper analysis of the most important drivers of complexity and provides valuable insights into the most pressing cyber challenges in the year ahead and their potential implications for executives. Of large organizations, 54% identified supply chain challenges as the biggest barrier to achieving cyber resilience.

The Permiso Security State of Identity Security Report (2024) offers a comprehensive analysis of cloud identity and access management practices across global organizations. This study, encompassing over 500 entities, unveils critical trends and challenges shaping the future of identity security. 93% of organizations can inventory identities across all environments, as well as track keys, tokens, certificates and any modifications that are made to any environment.

This year’s edition of the Cyber Readiness Report explores the critical role of robust cyber resilience in mitigating evolving organisational risks and safeguarding reputations. This year’s research reveals that concerns of reputational damage, caused by the loss of sensitive information, is a driving force behind responses to ransomware attacks. Over the past 12 months, the top three reasons organisations paid ransom were: to protect their customer data, to protect their reputation, and to recover their data because they did not have any back-ups.

The OffSec Shift Report reveals how organizations are adapting to bring both defensive and offensive strategies to the cybersecurity battle. The past year was hard on cybersecurity teams. The persistent economic downturn led to 39% of organizations deprioritizing their cybersecurity strategy.

This report presents the main findings with respect to the current state of CISOs. This duality became evident during our recent discussions with about 100 prominent CISOs from across the U.S. and Canada. The new SEC cyber rules and landmark cases that the agency brought against CISOs point to new legal and liability exposure.

IANS and Artico Search conducted their fifth annual CISO Compensation and Budget Research Study. Our analysis of the key drivers behind security budget growth reveals significant increases are often triggered by incidents or breaches, or by rising risks such as those associated with AI adoption.

ThreatLabz found that ransomware attacks increased by 17.8% year-overyear based on blocked attempts in the Zscaler cloud, while ransomware attacks identified through data leak site analysis surged by 57.8%. The findings presented in this report underscore the need for organizations to prioritize protection against the relentless tide of ransomware. The insights and strategies in the report serve as a crucial guide for improving your ransomware defenses.

In this report, the term security awareness program is used to describe a structured effort to engage, train, and secure your workforce and build a strong security culture. However, many organizations refer to such efforts using different terms, including security behavior and culture, security engagement and influence, security training and education, security communications, or human risk management.

This report provides insights into the current state of enterprise cyber risk and the role of AI in it. AI is revolutionizing business and has the potential to significantly improve cybersecurity outcomes. Many already have plans to use integrated AI in cyber tools, especially for inferencing, data analysis, and GenAI conversational systems.

The report is based on the findings of an independent, vendor-agnostic survey commissioned by Sophos of 5,000 IT/cybersecurity leaders across 14 countries in the Americas, EMEA, and Asia Pacific. The research reveals that investing in cyber defenses to optimize your insurance position is a double win: organizations report both easier and cheaper access to coverage as well as wider benefits such as improved protection, fewer alerts, and freeing up IT time. This finding further emphasizes the importance of considering cyber risk investments holistically, rather than as individual components.

This report leverages N2K’s analytical strengths to map WiCyS members’ skills directly to the NICE Workforce Framework, categorizing capabilities into functional areas that highlight the unique strengths and potential growth opportunities for WiCyS members. By conducting thorough diagnostics and focused analyses, this partnership identifies the capabilities of WiCyS members and aligns them with industry standards to ensure that their skills are recognized and utilized to the fullest.

With the advent and spread of powerful new technologies, businesses are under more pressure than ever to secure their organizations from the start of new computing developments. This report closely examines what executives are doing to protect their organizations and reveals what worries them about the tradeoffs between fostering innovation and lowering risk.

This report delves into the depths of cyber risk management, unearthing the critical coverage gaps that threaten organizational stability in the wake of cyberattacks. In an era where digital threats loom larger than ever, businesses are increasingly turning to cyber insurance as a safeguard against the financial ravages of data breaches. Yet CYE’s study leveraging external and internal datasets reveals a stark reality: the protection afforded by such insurance may fall significantly short of the actual costs incurred during cyber incidents.

AuditBoard’s 2023 Digital Risk survey of 130+ risk leaders found, most organizations are struggling to mature their risk management capabilities. . Our survey explored the digital risk management programs and technologies that organizations currently rely upon to better understand their digital risk landscape and digital risk management maturity, integration, and technology adoption.

Protecting trusted insiders (and the assets and systems they are entrusted with) against foreign influence is the ‘how to’ conversation to be having and solution to be driving for. This report is not just a platform for understanding the insider risk landscape. It is an invitation to uplift collaboration and best-practice information sharing with trusted allies to fortify the protective security resilience of our most missions critical agencies and entities.

The NetDiligence Cyber Claims Study presents findings from a five-year dataset of over 9,000 real-world cyber insurance claims. In this spotlight, we focus on the subset of BEC incidents: 17% of claims reported (N=1,480) between 2018 and 2022. BEC starts with human error and ends with high crisis services costs. Educating and training the workforce is a continual and incremental process. Preventing BEC is the endless task of cybersecurity

The Professional Services sector includes a broad array of organizations. Although there are no strict criteria for considering a company to be in this sector, there is general agreement that inclusion requires specialized training and experience, and, in many cases, qualification by exam and licensing managed by either national or state authorities. Using our 5-year dataset, we have analyzed 1,500 Professional Services claims dated 2017 through 2021. Professional Services sector incidents account for 20% of all claims in the dataset.

This new study makes it clear that enterprise demands have certainly continued to grow since then. Organizations place greater strategic priority on TPRM to contribute to a widening scope of enterprise risk that extends beyond cybersecurity. It’s also clear from these results that supply chains are expanding as is the need to efficiently assess risk across those business relationships. Respondents tell us they’re increasingly relying on automated assessments and risk ratings to meet that demand.