Bryan Cave Leighton Paisner began its survey of data breach class action litigation six years ago to rectify the information gap and to provide our clients, as well as the broaderlegal, forensic, insurance, and security communities,with reliable and accurate information concerning the risk associated with data breach litigation. Our annual survey continues to be the leading authority on data breach class action litigation and is widely cited throughout the data security community.

A survey based report on the attitudes and beliefs of security professionals to the challenges and opportunities in cloud security.

A Guy Carpenter and CyberCube Analytics collaboration explores the size and shape of cyber catastrophes and the resulting financial impact on the U.S. cyber insurance industry.

In this eBook, they’ll cover: • The Insider Threat investigation process with security solutions like Security Information and Event Management (SIEMs) • What an investigation looks like within ObserveIT, a dedicated insider threat management platform, including: – Proactive threat hunting – Reactive alert investigations after a known incident

From the report, “[This] report also captures the changing strategies used by attackers and highlights how organizations today are bolstering their defenses to stay one step ahead. It concludes with a peek into the cybersecurity areas that will be pertinent in the near future. We hope that you will benefit from the global and industry-specific insights available in this edition of the State of Cybersecurity Report and that together, we will be able to make our enterprises more resilient to withstand and recover from future attacks!”

From the report, “The challenges facing security teams are, perhaps unfortunately, common knowledge by now. A constant rise in alert volume, a stark security skills gap, piecemeal processes, and siloed tools have made security operations a tough place to be. In 2018, Demisto commissioned a large study to delve deeper into these issues, their manifestations, and possible solutions. The 2019 report broadens the perspective from Security Orchestration, Automation, and Response (SOAR) to the security incident response lifecycle. Demisto commissioned a study with 552 respondents to find out specific challenges at each stage of the incident response lifecycle, how current product capabilities help overcome these challenges, and what capabilities are missing within security products today.”

From the report, “We wanted to do something different for this report. Instead of looking at a single type of attack, we stepped back to look at attacks against banks, credit unions, trading companies, and other organizations that make up financial services as a whole. Most defenders only see a very small segment of the overall traffic, whether they’re the target or the vendor supplying defensive tools. The breadth of Akamai’s products and our visibility into a significant portion of Internet traffic allows us to research multiple stages of the attack economy.”

Ponemon Institute surveyed 627 IT and IT security practitioners in the United States to understand how well organizations are addressing cyber risks associated with attackers who may already be residing within the perimeter, including insiders that might act maliciously. In this study, these are referred to as “post-breach” or “resident” attackers. The findings consistently show that organizations do not fully understand the risks associated with this type of threat, are unprepared for resident attackers, and have little ability to discover and remove them.

This paper provides a review and analysis of 2018 cyber incidents and key trends to address.

This is a summary of vulnerability trends observed and investigated by the eSentire Security Operations Center (SOC) in 1H 2019.

This report seeks to explore user knowledge of a broad range of best practices for cyber hygiene, security and compliance.

This white paper describes the critical role of pen testing for web applications. It explores the economics of “classic” pen testing and considers a variety of unseen costs and points of diminishing value. The paper concludes by describing a next-generation hybrid applicationsecurity-testing-as-a-service and how it can help bring the flexibility in applying both automated app testing tools (DAST) and the human expertise of ethical hackers (pen testing) to this challenge.

A necessary pillar of an effective cyber defense strategy is the capability to detect and mitigate threats at the earliest stages of the cyber kill chain. While internal and perimeter security solutions are critical to your security program, external threat intelligence gives you the ability to defend forward by eliminating threats outside the wire. This ebook is designed to provide a framework for security professionals on how to conduct effective external threat hunting on the dark web.

In 2018, WSJ Pro Cybersecurity partnered with ESI ThoughtLab, a thought leadership and economic research firm, to gather data on how more than 1,300 enterprises were responding to the challenge of managing cyber risk. The study launched in late 2018 with the ground-breaking report ‘The Cybersecurity Imperative’ and continues with this pulse update report based on the findings of a new sample of companies.

From the report, “It is clear that there is no shortage of vulnerabilities to find. In the last year, Bugcrowd saw a 92% increase in total vulnerabilities reported over the previous year. The average payout per vulnerability increased this year by a whopping 83%, with average payouts for critical vulnerabilities reaching $2,669.92 — a 27% increase over last year.”

The Bromium Threat Insights Report is updated on a regular basis to track notable threats and the information gleaned from them.

Whether accidental or malicious, insider incidents can result in financial fraud, privacy abuses, intellectual property theft, or damage to infrastructure. It’s difficult for security pros to detect this suspicious activity because insiders need to have privileged access to data to do their jobs. Since insiders are people and, therefore, entitled to privacy and due process, security pros must handle these incidents with greater care than external threats. This report describes how to build an insider threat program.

In this report they explore: • Why AI-enabled cybersecurity is increasingly necessary • How organizations are benefitting from AI in cybersecurity • Where organizations should focus their cybersecurity initiatives • Building a roadmap for implementing AI in cybersecurity

This report covers trends in retail and hospitality in 2019. It covers Cyber espionage that impacts hospitality, how virtual skimming threat data poses risk to payment card data, and an analysis and comparison of point-of-sale malware companies.

This report focuses specifically on data threats in the healthcare industry.

This report is essential reading for executives, security practitioners and development teams who want to better understand the present state of software security risk, and who seek to benchmark and improve their own organization’s performance.