The target population was reached through in-person events, and by third parties via their opt-in email lists, Genetec opt-in email lists, and by digital promotions. This report points out whether answers are from all respondents, end user respondents, or channel partner respondents.

This report delves into the depths of cyber risk management, unearthing the critical coverage gaps that threaten organizational stability in the wake of cyberattacks. In an era where digital threats loom larger than ever, businesses are increasingly turning to cyber insurance as a safeguard against the financial ravages of data breaches. Yet CYE’s study leveraging external and internal datasets reveals a stark reality: the protection afforded by such insurance may fall significantly short of the actual costs incurred during cyber incidents.

HackerOne’s Hacker-Powered Security Report: Industry Insights leverages data from real-world vulnerability reports to provide insight into the fastest-growing vulnerability categories, how bounty prices are changing year over year, and which industries are fastest to fix. The most innovative CISOs stay ahead of cybersecurity threats and mitigate vulnerabilities by augmenting internal teams and security testing tools with a skilled and engaged hacking community.

In this year’s Hacker-Powered Security Report: Financial Services, we look at what drives ethical hackers, where they focus their energies, and what they’re doing to help financial services companies improve their security profile. In the past year, the hacking community has found over 65,000 customer vulnerabilities. Financial services continues to be among the most popular industries for ethical hackers to work on, and vulnerabilities in web applications are by far the most commonly reported issues in the industry

This report will help users to understand the nature, scope and impact of the threats they face, and will help security teams tailor their program and messaging accordingly. A security awareness program should be an essential component of any organization’s security strategy, but by itself it isn’t enough. Our data shows that 96% of people who took a risky action knew that what they were doing might be risky, so it seems that key information is getting through. However, knowing what to do and doing it are two different things. The challenge is now not just awareness, but behavior change.

The Arctic Wolf State of Cybersecurity: 2024 Trends Report took the temperature of organizations around the globe and sought to understand how they were responding to these areas of challenge. Our research revealed that ransomware continues to be a perennial area of concern. For the third year in a row, ransomware ranked as the top concern for respondents. This concern is not without merit when we consider that 45% of the organizations we spoke with admitted to being the victim of a ransomware attack within the last 12 months, a 3% increase over last year.

By publishing this report, we aim to show the greater business community what has led us to this point and what can be done to reduce the risk that has resulted from this complexity. In 2023, ransomware frequency increased by 64% overall when compared to 2022, mostly driven by a 415% increase in indirect ransomware.

Based on a survey of 647 IT professionals and cybersecurity experts, this report explores the multifaceted security and user experience challenges of VPNs to reveal the complexity of today’s access management, vulnerabilities to various cyberattacks, and their potential to impair organizations’ broader security posture. The report also outlines more advanced security models, particularly zero trust, which has firmly established itself as a robust and future-proof framework to secure and accelerate digital transformation.

This analyst report contains information about cyberattacks investigated by Kaspersky in 2023. Kaspersky provides a wide range of services — incident response, digital forensics, malware analysis, etc. — to help organizations affected by information security incidents. The data used in this report is derived from working with organizations that have sought assistance with responding to incidents or conducted professional events for their internal incident response teams.

This report serves as a beacon of insight, offering a comprehensive analysis of the emerging trends, evolving techniques, varied motivations and techniques employed by threat actors from January 2023 to March 2024. Curated by our globally diverse intelligence team, this report is a testament to Intel 471’s collective commitment to understand your adversaries, expose their tactics and empower you to win the fight against them.

In the second half of 2023, the cybersecurity landscape saw a range of significant developments that have considerably impacted the digital attack surface. Notable among these was the rise in sophisticated cyberattacks targeting large-scale entities and essential infrastructure. The findings in this report represent the collective intelligence of FortiGuard Labs, drawn from a vast array of network sensors collecting threat events each day observed in live production environments around the world from more than 600K+ environments and 10M+ sensors capturing every detail about threats that hit our detection technology.

Our Ensign Threat Classification Matrix for identified threat groups helps organizations to prioritize their cyber defense against the territory-contextualised threats. We provide the MITRE ATT&CK heat-maps to support organizations in prioritizing their cyber defenses against specific adversary techniques and follow-through defensive actions, such as threat hunting, Red Teaming, and tuning of detection rules. We have also laid out the observed top targeted industry groups and top exploited vulnerabilities.

In the wake of the Change Healthcare incident, companies are doubling down on efforts to bolster supplier oversight and cybersecurity measures. Every organization must scrutinize its data security practices, assess third- and fourth-party access to sensitive data, and identify critical vendors essential to revenue.

This report presents key insights drawn from hundreds of thousands of attack path assessments conducted through the XM Cyber Continuous Exposure Management (CEM) platform during 2023. These assessments uncovered over 40 million exposures affecting 11.5 million entities deemed critical to business operations. Data gathered from the XM Cyber platform were anonymized and provided to Cyentia Institute for independent analysis to generate the insights.

This year, the report is delving deeper into the pathway to breaches in an effort to identify the most likely Action and vector groupings that lead to breaches given the current threat landscape. The cracked doorway on the cover is meant to represent the various ways attackers can make their way inside. The opening in the door shows the pattern of our combined “ways-in” percentages, and it lets out a band of light displaying a pattern of the Action vector quantities. The inner cover highlights and labels the quantities in a less abstract way.

This report provides strategic recommendations to bolster your security posture. But our mission extends beyond immediate threat mitigation. A preventative approach to cybersecurity—focusing on proactive measures and cost-effectiveness—embodies the ReliaQuest core principles. This report charts threat actors’ evolution, but also anticipates potential shifts in their TTPs as we look to the future. We offer a forward-looking perspective to prepare organizations for emerging challenges they are likely to face.

Coalition’s 2024 Cyber Claims Report features data and case studies from organizations across the United States. Cyber risk is global, and we believe this report’s trends and risk mitigation strategies are applicable regardless of location. As an active partner in protecting organizations from digital risk, we’re proud to share these insights to help policyholders, brokers, and others in our industry stay informed about the ever-changing threat landscape.

This paper explores the benefits of counterfactual analysis for cyber (re)insurers and provides a framework that can help exposure risk managers, actuaries, and catastrophe modelers incorporate it into their standard suite of risk assessment tools. The paper also contains some worked examples of cyber counterfactual analysis that Gallagher Re has conducted in collaboration with CyberCube.

AuditBoard’s 2023 Digital Risk survey of 130+ risk leaders found, most organizations are struggling to mature their risk management capabilities. . Our survey explored the digital risk management programs and technologies that organizations currently rely upon to better understand their digital risk landscape and digital risk management maturity, integration, and technology adoption.

The Edgescan Vulnerability Stats Report aims to demonstrate the state of full stack security based on thousands of security assessments performed globally, as delivered by the Edgescan SaaS during 2020. This report has also become a reliable source for representing the global state of cyber security vulnerability management.

Protecting trusted insiders (and the assets and systems they are entrusted with) against foreign influence is the ‘how to’ conversation to be having and solution to be driving for. This report is not just a platform for understanding the insider risk landscape. It is an invitation to uplift collaboration and best-practice information sharing with trusted allies to fortify the protective security resilience of our most missions critical agencies and entities.