This report is based on the summary statistical analysis of over 9,000 cyber claims for incidents that occurred during the five-year period 2018–2022. By comparison, the third Cyber Claims Study, published in 2013, analyzed fewer than 150 cyber insurance claims.

Splunk sits at the heart of Security Operations for many of the world’s largest and most complex organizations. We spend our days helping CISOs and their teams get ahead of emerging threats, respond quickly when incidents inevitably occur, and succeed as business enablers. In The CISO Report, we share the results of our original research and offer insights on how leaders can evolve along with the cybersecurity landscape.

The United Kingdom’s National Cyber Security Centre (NCSC) found that cyberattacks against sports organizations are increasingly common, with 70% of those surveyed experiencing at least one attack per year, significantly higher than the average across businesses in the United Kingdom. In this edition we offer first hand learnings about how threat actors assess and infiltrate these environments across venues, teams, and critical infrastructure around the event itself.

In this fourth annual edition of the Microsoft Digital Defense Report, we draw on our unique vantage point to share insights on how the threat landscape has evolved and discuss the shared opportunities and challenges we all face in securing a resilient online ecosystem which the world can depend on.

Process for Attack Simulation and Threat Analysis (PASTA) is a threat modeling methodology, co-developed by VerSprite’s CEO Tony UcedaVelez. It provides a process for simulating attacks to applications, analyzing cyberthreats that originate them, and mitigating cybercrime risks that these attacks and threats pose to organizations. The process is employed by security professionals across industries to prioritize risks and develop a mature cybersecurity framework that is woven into the business culture and the application development process.

The ninth annual ISACA global State of Cybersecurity Survey continues to identify current challenges and trends in the cybersecurity field. For the second consecutive year, ISACA fielded questions to gain deeper insight into persistent issues in cybersecurity workforce skill sets and staffing for entry-level positions. The State of Cybersecurity 2023 report analyzes the survey results on cybersecurity skills and staffing, resources, cyberthreats and cybersecurity maturity.

Application Programming Interfaces (APIs) have emerged as useful tools that streamline business operations and enhance the digital experience for customers. As their use has proliferated, however, the importance of properly securing APIs is also becoming increasingly evident. API-related hacks and data breaches have impacted companies across nearly all sectors and geographies, resulting in skyrocketing remediation and legal costs for companies.

Coalition’s 2023 Cyber Claims Report: Mid-year Update features data from organizations across the United States. Cyber risk is global in nature, and we believe the trends and risk mitigation strategies within this report are applicable regardless of location. We’re proud to share these insights to help our policyholders, broker partners, and others in the cyber insurance industry stay informed about the ever changing threat landscape.

Organizations are developing new applications as part of an overall movement toward digitally transforming business operations. Many executives and board members still consider these purely technology problems, but this perception is greatly mistaken. Given the potential business impact, they should accept these as business issues. Ensuring system security and resilience must be addressed as part of business planning, risk management, and operations.

Today’s apps are multifunctional, combining communication, collaboration, and commerce. The fragmentation of mobile devices, cloud computing, and third-party components and services have changed how apps store, transmit, and process data. As a result, sensitive information is at risk thanks to the expansion of the attack surface and the rapid evolution of threats.

In this survey, we set out to discover how the digital-first economy has specifically impacted the role of the CISO/CSO. In addition to bringing awareness to the evolving role of the CISO, the survey strove to delve into the broader business ramifications of these changes, so organizations can better understand how digital initiatives are impacting risk and how companies can better protect themselves.

The 2023 Board Perspective report shines a light on how boards are managing this evolving landscape. Our annual survey reveals the beliefs, experiences and insights of 650 board members across the globe. We analyzed their responses to get a boardroom perspective of the threat landscape, the role of the CISO and the broader world of cybersecurity. We also compared the results with CISOs surveyed in our 2023 Voice of the CISO report. Pairing the surveys helps provide a more complete picture of where CISOs and their boards are on the same page—and opportunities for better alignment.

In 1H 2023, we observed significant activity among advanced persistent threat (APT) groups, a rise in ransomware frequency and complexity, increased botnet activity, a shift in MITRE ATT&CK techniques used by attackers, and more. As we examine activity in the first half of 2023, we see cybercrime organizations and nation-state cyber-offensive groups swiftly adopting new technologies. Notably, some of these actors operate much like traditional enterprises, complete with well-defined responsibilities, deliverables, and objectives.

Today, a new reality is taking shape, based on Deloitte’s 2023 Global Future of Cyber Survey, which asked hundreds of leaders across industries and across the globe to share their views on cyber threats, enterprise activities, and the future. The survey included C-suite executives across the enterprise, as well as other senior leaders with responsibility for IT, security, and risk. This new reality is grounded by the following findings.

This report presents analysis of insights gathered from 130 leading CISOs who participated in the 2023 Team8 CISO Village TLV Summit, an exclusive and intimate gathering of CISOs from global prominent enterprises, many of which are Fortune 500 companies. This report incorporates previously unpublished information gathered from the 2022 CISO Village TLV Summit Survey.

With security threats putting everything from personal information to critical infrastructure at risk, and with the incidence of ransomware attacks and other data breaches increasing, the 2023 RSA ID IQ Report provides cybersecurity professionals with insights into users’ understanding and behavior. By reviewing users’ answers on the identity components needed to develop a zero trust framework, multi-factor authentication, the vulnerability of mobile devices, and other cybersecurity threats, leaders can prioritize actions and implement best practices to keep their organizations secure.

This survey was designed to shed light on current practices, obstacles, and perspectives in vulnerability management. Through understanding how organizations are tackling these challenges, the “2023 State of Vulnerability Management” report offers strategic insights and industry benchmarks.

This 2023 Ransomware Report presents insights gathered from a survey of 435 cybersecurity professionals, shedding light on organizations’ preparedness and approaches to combating ransomware. The report identifies gaps and obstacles that hinder robust security posture, and outlines strategies for prevention and remediation of ransomware attacks.

The survey asked about the impact that ransomware had on their environments, as well as what their IT strategies and data protection initiatives are moving forward. While analysts forecasted growth in overall IT spending for 2023 between 4.5%** by IDC and 5.4%*** by Gartner, respondents in this survey expect their cyber security (preventative) budgets to grow by 5.6% and their data protection (remediation) budgets to grow by 5.5% in 2023.

Axio researchers analyzed updated data from the Axio360 Ransomware Preparedness Assessment tool to prepare the 2022 State of Ransomware Preparedness report (2022 Study). The Ransomware Preparedness Assessment is informed by input from hundreds of ransomware events, guidance from the U.S. Department of Homeland Security, and Axio’s own research. Organizations across multiple critical infrastructure sectors have used the tool to determine the strength of their ransomware practices and controls, to identify gaps, and to prioritize improvements.

Our new report examines how the interplay of all these factors will result in increased attacker opportunity. Indeed, as adversaries embrace artificial intelligence (AI) to enhance and scale their identity based attacks, security teams are being asked to do more with less as budget cuts widen existing skills and resource gaps.