Using breach information from Advisen, this report seeks to fill in missing gaps in the loss frequency and impact side of quantitative risk analysis. Using real world reported data on publicly-discoverable breaches, commonly held myths of cost per record estimates are debunked and replacement hard statistics are given to replace incorrect estimates.

Using breach data from Advisen, this report defines ripple effects of breaches as the impacts on companies more than one degree of separation from the company directly affected by the breach. As vendor relationships are both broad and deep, a breach in any one company in a network can have distant effects on companies not directly related. The implications upon third party risk management are explored.

A special edition of the Veracode SOSS series, focusing on the vulnerabilities present in open source software libraries and the surrounding ecosystem.

This report seeks to provide actionable insight and practical advice to help organizations increase talent-gap resilience and avoid being left behind as the industry evolves.

The goal of the study was to provide a state-of-the-market on third-party risk with actionable recommendations that organizations can take to grow and mature their programs.

Discusses systemic cyber risk, catastrophic losses, and the implications upon cyber insurance policies.

This report encourages market participants to review their practices, policies and procedures with respect to cybersecurity and operational resiliency. It states that assessing your level of preparedness and implementing some or all of the above measures will make your organization more secure. OCIE will continue to focus on working with organizations to identify and address cybersecurity risks and encourages market participants to actively engage regulators and law enforcement in this effort.

In this, our launch issue of CyberTheory, we will explore the current and future state of cybersecurity, the key issues driving the shift in the corporate board room perception of cyber-risk and add substantive analysis to what we believe are the most engaging topics in the space.

We annually gather and analyze raw data from hundreds of IT and industrial control systems (ICS) security practitioners across a variety of industries, people whose work places them in positions of responsibility to identify risks and safeguard control systems and networks from malicious and accidental actions. It is our mission to turn these inputs into actionable intelligence that can be used to support new developments and address ongoing trends in the field, to inform the crucial business decisions that determine allocation of resources, prioritization of protective measures on critical assets and systems, and planning of new initiatives.

The Worldwide Security Spending Guide examines the security opportunity from a technology, industry, company size, and geography perspective. This comprehensive database delivered via IDC’s Customer Insights query tool allows the user to easily extract meaningful information about the security technology market by viewing data trends and relationships and making data comparisons.

This is a study on third party risk from Gartner. It covers how third party risks are changing, how companies are managing third party risks, and taking an iterative approach to third party risks.

The 2019 Survey of 211 participants covers Overall risk security, Risk Management, and also covers what job titles are involved, and what industries are involved.

Each year, industry leaders from around the world submit an application to be a speaker at RSA Conference. This year, we received 2,400 responses to our 2020 Call for Speakers. By sifting through all the entries, we were able to identify 10 trends that weaved their way through many of the submissions. Examining these trends provides a glimpse of what will be on the minds of cybersecurity professionals in 2020,

A survey conducted by Advisen covering changes since last years survey, including a more than 70 percent satisfactionrate reported by respondents who havehad a cyber claim which either resulted ineconomic damage or business interruption.

This report explores the results of the 2019 (ISC)² Cybersecurity Workforce Study, providing details on the cybersecurity workforce and gap estimates, taking a closer look at cybersecurity professionals and their teams, reviewing key steps on the cybersecurity career path, and discussing insights into immediate and longer-term methods for building qualified and resilient cybersecurity teams now and in the future.

This report goes in depth into the state of Internet security, including how companies are storing data, orgation’s internet surface areas, and where exposures exist the most.

A Guy Carpenter and CyberCube Analytics collaboration explores the size and shape of cyber catastrophes and the resulting financial impact on the U.S. cyber insurance industry.

Ponemon Institute surveyed 627 IT and IT security practitioners in the United States to understand how well organizations are addressing cyber risks associated with attackers who may already be residing within the perimeter, including insiders that might act maliciously. In this study, these are referred to as “post-breach” or “resident” attackers. The findings consistently show that organizations do not fully understand the risks associated with this type of threat, are unprepared for resident attackers, and have little ability to discover and remove them.

This key findings’ report contains a synopsis of trends on how health systems are scaling innovation and a look-ahead at what the innovation perspectives and strategies of today may mean for the health systems tomorrow. It is structured to provide action items for efficient scaling of innovation at health systems followed by supporting findings.

Since 2017, risk experts have consistently ranked large-scale cyber attacks and data fraud among the top five mostly likely risks around the world. Despite growing anxieties about cyber threats, cyber resilience strategies and investments continue to lag. Globally, the time taken to discover a data breach has considerably lowered since 2017, but organizations in the Asia-Pacific region took four months longer than the global median. Internet users are growing 10 times faster than global population, exponentially increasing the surface area of attack. For example, in 2018, the total cost of cyber crimes grew by a third compared to 2016, to $600 billion, but investments in cyber security only increased 10 percent over the same period.

Aon is supporting its global clients to respond to political risks and security challenges by using the analysis derived from the maps to inform the creation of a more robust risk management programme. We hope this year’s maps provide you with the insights that you need to better protect your business, and should you need to discuss any aspects of your insurance coverage – or how these risks affect your exposure – please contact the team.