This paper cites a Dimensional Research survey of 250 IT security professionals in financial services organizations located in the U.S., U.K., Germany, France and Australia. The survey examines the challenges faced by the financial services industry in managing certificates, and the results illustrate the importance of incorporating CA-agility into a certificate management strategy. The survey also explores the federal government and other industries, including healthcare, retail and technology.

This report analyzes the data submitted by 1,718 security awareness professionals from around the world to identify and benchmark how organizations are managing their human cyber security risk. The analysis includes how factors such as security awareness program maturity, funding, and staffing combine to make successful programs.

“Many businesses and government agencies have embraced supervisory control and data acquisition (SCADA) systems or industrial control systems (ICS) in recent years, but the technologies face major security challenges. Nearly 6 in 10 organizations using SCADA or ICS that were surveyed by Forrester Consulting in a study commissioned by Fortinet indicate they experienced a breach in those systems in the past year—and many of those organizations are adding to their risk by allowing technology and other partners a high level of access into their systems. Most organizations also report connections between their traditional IT systems and their SCADA/ICS, introducing the potential for outside hackers to penetrate these control systems.”

SecurityScorecard ran an analysis, looking at the security ratings of organizations over a six month period and identified which organizations improved those scores the most; whether overall or within a specific risk area.

“In this year’s report, SecurityScorecard looked at more than 1200 healthcare companies from July 2017 through the end of the year and analyzed terabytes of information to assess risk across ten risk factors.”

“To take a look at the cybersecurity health of financial institutions, this September, SecurityScorecard analyzed 2,924 financial institutions in the SecurityScorecard platform to find existing vulnerabilities within banks, investment firms, and other financial firms to determine the cybersecurity performance of the financial sector, especially as compared to other industries. Our team also analyzed the cybersecurity posture of the Top 20 highest performing FDIC-insured banks to understand what security factors pose risks to these financial institutions.”

Since June 2016, the Global Cyber Alliance (GCA) has been working to accelerate adoption of DMARC, an email security standard, by providing a set of easy-to-use tools and campaigns to drive deployment. This paper investigates and measures the economic benefit from that work. Having reviewed the available data, we have chosen to focus on Business Email Compromise (BEC) because it is a rapidly growing issue, with high direct losses, and relevant data is available for analysis from multiple sources. We derive a conservative minimum bar estimate for the loss avoidance tied to GCA’s initiatives and discuss the potential scale of other benefits gained from DMARC.

The Canadian Survey of Cyber Security and Cybercrime was conducted for the first time to measure the impact of cybercrime on Canadian businesses. This release coincides with Cyber Security Awareness Month, which is an internationally recognized campaign held each October to inform the public of the importance of cyber security.The Canadian Survey of Cyber Security and Cybercrime was conducted for the first time to measure the impact of cybercrime on Canadian businesses. This release coincides with Cyber Security Awareness Month, which is an internationally recognized campaign held each October to inform the public of the importance of cyber security.

“For the (ISC)² Cybersecurity Workforce Study (formerly the Global Information Security Workforce Study), we talked to cybersecurity pros as well as IT pros who spend at least 25% of their time working on cybersecurity activities. This report explores the findings of that research, illuminating the cybersecurity skills gap by revealing the trends, elements, and impact, all of which can be used to inform the steps organizations and individual cybersecurity pros can take to address this troubling progression.”

“In last year’s report, we sought to break down walls of misunderstanding between cybersecurity leaders and corporate directors. We continue chipping away at those walls this year, but expand the scope of our research to include a broader set of stakeholders and topics relevant to our increasingly important goal.”

This white paper explains common use cases for privilege management on Unix/Linux servers.

This document deals with malware on mobile devices.

This report focuses on key metrics from the following verticals: 1) Education 2) Finance & Finance-related Businesses 3) Technology 4) Healthcare Additional data is provided that focuses on company size. In the following pages, we present specific data showing the types of attacks attempted on these networks and other key findings that we believe are of interest.

This report is an annual Cyber Claims Study. It includes informative numerical and graphical descrip-tions of the types of data exposed, causes of loss, business sectors involved, sizes of affected organizations, insider involvement, and third party involvement. It also includes several new analyses: Cloud Involvement, Cyber Extortion/Ransomware, Phishing, Phishing and Wire Transfer Fraud, POS-Related/Common Point of Purchase/CPP Investigations.

A survey of 1,600 IT professionals on the risks being faced by organizations, the common reactions to those concerns, and the challenges with which individuals are struggling.

This document details how and why a company should be proactively scanning internal networks, segmenting network elements, and requiring multi-factor authentication also helps ensure security.

This Annual report discusses the events and changes in the cybersecurity landscape of 2017.

In the executive summary, this report asks, “What if defenders could see the future?” it then goes on to say that defenders can see what’s on the horizon and many clues are out there and obvious. The entire report seeks to outline ways in which defenders can see the future.

Verizon’s annual report on data breaches in 2018

This paper tries to answer the question, “What does the general public know about data privacy?”

This report seeks to answer the question, “What will shape the next 12 months in cybersecurity?”