This report aims, simply, to help you build a proactive defense that anticipates and thwarts tomorrow’s threats. So, for the second year running we rallied the community for the largest predictions survey the cybersecurity awareness community has seen. We’ve harnessed their expertise, experience, and frontline intel.

Over the course of the year, insurers responded to these and other dynamics of the risk and insurance environment by implementing their own resiliency measures, some of which impacted insurance market conditions. They undertook various measures, including refocusing their appetite, adjusting their underwriting policies, shifting their pricing models, streamlining their organizations, and aligning with business partners who share their values.

In our report, we look at changes in the threat landscape, analyze impactful trends, and provide recommendations based on our findings. While most of our recommendations remain consistent with prior years, there were some surprising takeaways, including a shift in the most impactful threats. The most widespread threat to WordPress security in 2023 was Cross-Site Scripting, as techniques for taking over websites by adding malicious administrators and backdoors have become mainstream.

In our 11th annual Data Breach Industry Forecast, we looked more broadly than ever before at trends and data on a global scale as data breaches have no borders. This, along with the fact that nationstate-sponsored gangs and attacks are becoming increasingly more strategic and purposeful due to political conflicts or interests, made it fitting to expand our lens. Our predictions come from Experian’s long history of helping companies navigate breaches over the past 21 years. Here’s where we expect to see some hard to believe, but possible developments in the world of data security incidents in 2024.

While third-party risk management is a well-established practice, it’s also continuously evolving. Organizations of all sizes and industries must continually adapt and change to effectively identify, assess, manage, and monitor third-party risks. By analyzing the third-party risk management landscape and practices captured in our survey, organizations can see where they stand compared to their peers and consider that information as they prepare and implement changes this year and beyond.

The Sysdig 2024 Cloud‑Native Security and Usage Report comes at an exciting time after a year of cybersecurity making headlines worldwide. This is indicative of how broad the security landscape has grown in a short amount of time, thanks to the cloud. This report looks at real‑world data to draw conclusions about the state of cloud security. From our perspective, we see that organizations continue to struggle with the shift‑left concept. Although runtime threat prioritization has greatly reduced vulnerabilities, there remains an urgency for powerful and speedy cloud threat detection and response (TDR).

This report is broken into four different threat types: identity, cloud, computer-based, and phishing. Keep in mind, though, that these threats are tightly related. Compromise of user identities can occur through phishing and can impact an organization’s cloud assets and endpoints, or malicious activity on an endpoint may be indicative of an exploited vulnerability. We’ll highlight that interconnectivity throughout.

The healthcare sector is particularly vulnerable to cybersecurity risks and the stakes for patient care and safety are particularly high. Healthcare facilities are attractive targets for cyber criminals in light of their size, technological dependence, sensitive data, and unique vulnerability to disruptions. And cyber incidents in healthcare are on the rise.

CompTIA’s 2024 State of Cybersecurity report explores the many variables that must be considered in balancing the cybersecurity equation. As cybersecurity becomes a critical business imperative, every process must be scrutinized for potential vulnerabilities. This practice of risk analysis then drives decisions around workflow, skill-building and technology implementation. With technology trends evolving and attack patterns changing, true equilibrium is impossible to achieve. The balancing act is a full-time job.

By leveraging its huge user dataset, Hornet security is uniquely positioned to conduct a detailed examination of email-based threats and distill this into important insights for IT security professionals. Email continues to be an essential communication channel. However, in our analysis of more than 45 billion emails, 36.4% are categorized as “unwanted.” 96.4% of unwanted emails are spam or rejected outright due to external indicators, and just over 3.6% were flagged as malicious.

The Cyber Security Report (formerly Cyber Threat Report) is an annual analysis of the current cyber threat landscape based on real-world data collected and studied by Hornet security’s dedicated Security Lab team. Hornet security processes more than two billion emails every month. By analyzing the threats identified in these communications, combined with a detailed knowledge of the wider threat landscape, the Security Lab reveals major trends and can make informed projections for the future of Microsoft 365 security threats, enabling businesses to act accordingly. Those findings and data are contained within this report.

The 2024 Global Cybersecurity Outlook (GCO) finds that organizations that maintain minimum viable cyber resilience – that is, a healthy middle grouping of organizations – are disappearing. Organizations reporting such a minimum viable cyber resilience are down 31% since 2022.

The 5th edition of Wipro’s State of Cybersecurity Report (SOCR) offers a perspective and framework to help enterprises achieve cyber resilience. You will find a wealth of data and actionable insights covering attacks, breaches and law, along with the state of business cyber capabilities across geographies and industry sectors, plus future trends.

The Hiscox Cyber Readiness Report 2021 reveals that US firms are a global leader in cyber readiness, with more classified as ’cyber experts,’ (25%) compared to other countries. But there is still work to be done when it when it comes to dealing with ransomware and phishing emails, as US businesses are the most likely to pay a ransom. In this year’s report, we saw a disparity when it came to the level of cyber expertise US businesses have versus the actions they take when an attack actually occurs.

The Hiscox Cyber Readiness Report 2022 reveals that both the frequency and cost of cyber attacks are rising for US businesses, and the pandemic is continuing to have lasting effects on the cyber security landscape. While the US remains a global leader in cyber maturity, they are also most likely to pay a cyber-related ransom. To gauge businesses’ preparedness to combat cyber incidents and breaches, Hiscox surveyed over 5,000 professionals responsible for their company’s cyber security from the US, UK, Belgium, France, Germany, the Netherlands, Spain and Ireland. This includes key findings from over 900 professionals from the US.

The Hiscox Cyber Readiness Report 2023 reveals that small business owners are getting smarter, but so are cyber criminals. Although 63% of small businesses in the US are cyber intermediates and 4% are cyber experts, almost half (41%) experienced at least one cyber-attack during the past year. The report surveyed over 5,000 professionals responsible for their company’s cyber security strategy from the US, UK, France, Germany, Spain, Belgium, Republic of Ireland, and The Netherlands, including more than 500 US small business professionals.

COVID-19 has dramatically changed the workplace and has created new cybersecurity risks and exacerbated existing risks. The purpose of this research, sponsored by Keeper Security, is to understand the new challenges organizations face in preventing, detecting and containing cybersecurity attacks in what is often referred to as “the new normal”. All respondents in this research are in organizations that have furloughed or directed their employees to telework because of COVID-19.

In this report, we’ll discuss three automotive-related cybersecurity emerging risks we’ve identified in 2023, arising from the rapid proliferation of SDVs. Growth in backend attacks allowing access to sensitive vehicle data and controls, the ever-evolving SBOM and the critical role it plays in enhancing automotive threat intelligence and cyber are on the rise in the agriculture, construction, and heavy machinery industries that fare fast to adopt software-defined and autonomous capabilities.

The 7th annual Hacker-Powered Security Report goes deeper than ever before with customer insights, in addition to the opinions of some of the world’s top hackers. We also take a more comprehensive look at the top ten vulnerabilities and how various industries are performing when it comes to incentivizing hackers to find the vulnerabilities that are most important to them.

In this year’s survey, they revisited questions around how organizations are developing effective third-party cyber risk management (C-TPRM) programs with robust technology and services and determining how to best collaborate with third parties on their shared security posture. They also asked some new questions related to how organizations refine their risk management approaches over time. To assure an accurate reflection of industry trends and observations, BlueVoyant commissioned its fourth annual survey undertaken by independent research organization, Opinion Matters, in October 2023. A total of 2,100 respondents represent a variety of executive roles within their organizations, but are all responsible for managing supply chain and cyber risk.

The Security Navigator reflects first and foremost the reality of the conflictual nature of cyber warfare. It mirrors the disinhibition of threat actors motivated by state strategies or hacktivism as well as criminal opportunities. In this environment, espionage, sabotage, disinformation and extortion are becoming increasingly intertwined. This document is also intended to become the cornerstone of the partnership of trust that we wish to build with you. It must enrich our debates within a community that is still too isolated.