This report Risk Decisions 360 Emerging Risks That Can Impede Sustainable Company Growth, is the result of extensive research and insights aimed at empowering businesses to make informed decisions in the face of new and evolving risks. We examine critical areas that pose significant potential threats to growth, including cybersecurity, technological advancements, financial volatility and operational disruptions, among others – as well as delve into how business executives and owners view the skills and investment required, and the effectiveness of insurance, in mitigating these risks.

The Global Cybersecurity Outlook 2025 report includes a deeper analysis of the most important drivers of complexity and provides valuable insights into the most pressing cyber challenges in the year ahead and their potential implications for executives. Of large organizations, 54% identified supply chain challenges as the biggest barrier to achieving cyber resilience.

PwC’s 2025 Global Digital Trust Insights revealed significant gaps companies must bridge before achieving cyber resilience. With the attack surface continuing to expand through advances in AI, connected devices and cloud technologies and the regulatory environment in constant flux, achieving cyber resilience at an enterprise level is critical. By addressing these gaps and making cybersecurity a business priority, executives can bridge to a more secure future.

In our 12th annual Data Breach Industry Forecast, our focus covers a wide swath of attacks from the personal (teens exploitation), corporate (increases in internal fraud), national (using dynamic identification as a fraud defense), and global (bad actors pursuing data centers). Spanning all these predictions is the dramatically accelerated speed and scaling of cyberattacks that are AI-enabled. This year’s predictions come from Experian’s long history of helping companies navigate breaches over the past 22 years.

The 2024 Data Threat Report (DTR) analyzes how core security practices have changed in response to or in anticipation of changing threats. This report also offers perspectives on what organizations can do to leverage data assets to expand opportunities to make their businesses more agile and build trust with their customers. It analyzes global trends in threats to data and the underlying controls, regulations, risks and emerging technologies that need to be addressed.

This is the first published study in this field to include SPoF (Single Point of Failure) data, which highlights the dependencies a company has on third-party systems and services. This paper represents a snapshot of our ongoing work exploring what is a deep and highly complex dataset.

The Salt Security State of API Security Report for this year has brought to light an urgent need for action, as the usage of APIs has skyrocketed and security breaches have become more commonplace. Organizations are now managing more APIs than ever before, with 66% of them managing over 100. As a result, there has been a staggering increase in API security breaches, with incidents more than doubling in the past year (37% of respondents experienced incidents).

The 2024 Cybersecurity Threat Report aims to be a crucial resource for CISOs, CIOs, and security leaders seeking to navigate this complex environment. By analyzing billions of threat data points collected across our vast customer base, we aim to provide a comprehensive view of the current threat landscape and offer actionable insights for strengthening organizations’ cybersecurity postures.

In this report, Marsh McLennan’s team demonstrated a statistically significant correlation between all of our dark web intelligence sources - including (but not limited to) dark web market listings, hacking forum chatter, and dark web traffic to and from the corporate network - and an increased likelihood of suffering a cybersecurity incident. Put simply: the presence of any dark web findings related to an organization - without exception - was associated with a higher likelihood of a breach.

In today’s crowded and fast-paced technology environment, finance organizations must efficiently and securely manage access to an ever-increasing range of digital services and resources. This puts tremendous pressure on their IT and security teams to keep operations running smoothly and cyber defenses ironclad, even as their exposure to cyberthreats grows. At the core of this challenge is identity security, which ensures authorized individuals gain access to systems and that imposters and threats are shut out.

The Permiso Security State of Identity Security Report (2024) offers a comprehensive analysis of cloud identity and access management practices across global organizations. This study, encompassing over 500 entities, unveils critical trends and challenges shaping the future of identity security. 93% of organizations can inventory identities across all environments, as well as track keys, tokens, certificates and any modifications that are made to any environment.

1Password’s 2022 State of Access Report, an annual survey of North American workers’ sentiments and behaviors around cybersecurity and other critical aspects of modern work, reveals that the acute burnout detected in last year’s survey has paved the way for a widespread sense of distraction in a time of “permacrisis.” When security protocols and practices aren’t automated, even the most well-intentioned employees can unwittingly cause a breach.

1Password Business is an encrypted password solution that provides users with secure access via autofill logins, autogenerated strong passwords, and vault features. For the purposes of this study, Forrester aggregated the interviewees’ experiences and combined the results into a single composite organization. Forrester took a multistep approach to evaluate the impact that 1Password can have on an organization.

This year’s edition of the Cyber Readiness Report explores the critical role of robust cyber resilience in mitigating evolving organisational risks and safeguarding reputations. This year’s research reveals that concerns of reputational damage, caused by the loss of sensitive information, is a driving force behind responses to ransomware attacks. Over the past 12 months, the top three reasons organisations paid ransom were: to protect their customer data, to protect their reputation, and to recover their data because they did not have any back-ups.

The OffSec Shift Report reveals how organizations are adapting to bring both defensive and offensive strategies to the cybersecurity battle. The past year was hard on cybersecurity teams. The persistent economic downturn led to 39% of organizations deprioritizing their cybersecurity strategy.

The State of Attacks on GenAI delivers cutting-edge insights into real-world attacks on generative AI systems, based on telemetry data from over 2,000 LLM applications. Prompt leaking has emerged as the primary method for exposing sensitive information in successful attacks. This unintended disclosure can reveal proprietary business data, application logic, and PII, leading to significant privacy breaches and security vulnerabilities.

This report seized the opportunity to do something different; it now focuses on highlighting what’s next for the hacking community. From neurodiversity in the hacking community to the rise of hacking influencer platforms, we’ve examined a broad spectrum of important topics. Now, most security professionals not only understand the difference between threat actors and hackers, but they actually have personal experience with ethical hacking.

At Gallagher Re, we have been exploring this data’s vast potential for several years. This research has informed the development of a suite of proprietary tools and services aimed at supporting the (re)insurance community in realising the potential of cyber data to enhance underwriting and portfolio monitoring. Principal among these is TIDE, our portfolio quality and benchmarking tool.

Reporting over the course of 2023 and 2024, ETL highlights findings on the cybersecurity threat landscape during a yearlong geopolitical escalation. Throughout the latter part of 2023 and the initial half of 2024, there was a notable escalation in cybersecurity attacks, setting new benchmarks in both the variety and number of incidents, as well as their consequences.

This 10-year anniversary edition of the report dissects the 2022 Microsoft vulnerabilities data and highlights some of the key shifts since the inaugural report. This report will spotlight some of the most significant CVEs of 2022, break down how they are leveraged by attackers, and explain how they can be prevented or mitigated. The way Microsoft classifies the severity rating for a vulnerability is distinct from the likelihood of exploitation.

In its 8th year, the Microsoft Vulnerabilities Report has proven to be a valuable asset for many organizations who wish to gain a holistic understanding of the evolving threat landscape. The report provides a 12-month, consolidated view and analysis of Microsoft Patch Tuesdays, as well as exclusive insights from some of the world’s top cybersecurity experts. This analysis not only reveals evolving vulnerability trends, but also identifies the Critical vulnerabilities that could be mitigated if admin rights were removed.