Interpol’s Cybercrime Directorate produced this Global Assessment Report on COVID-19 related Cybercrime based on data from 194 countries and private partners to provide a comprehensive overview of the cybercrime landscape amid the pandemic. (more available)

This biannual report from Agari goes in-depth on changes and trends in email and identity fraud for the second half of 2020. (more available)

The objective of this report is to provide nuanced insight into the ICS risk and vulnerability landscape, the challenges it poses to operational technology (OT) security practitioners, and what conclusions can be drawn from publicly available data. (more available)

Teaming up with leading researchers at UC Berkeley and UC San Diego, Barracuda researchers uncovered a new and growing type of account takeover attack: lateral phishing. (more available)

The second Abnormal Security Quarterly BEC Report examines the business email compromise (BEC) threat landscape during what may be the most tumultuous quarter in modern business history: the first full quarter of the COVID-19 pandemic. (more available)

A review of lessons learned over the past year from Rapid7’s penetration testing services. Combined with survey day on social engineering and red team simulations of 206 engagements. (more available)

This paper compiles observations as well as predictions on the state of cybersecurity in 2020.

The Threat Intelligence Executive Report by Secureworks is a report designed to analyze security threats and help organizations protect their systems. (more available)

A review of cybersecurity breach trends affecting public companies from 2011 through 2019. Use the breach database compiled and maintained by Audit Analytics. (more available)

This report goes in-depth on the most popular fraud techniques and how to prevent fraud attacks on your business.

The third edition of Infosecurity Magazine’s annual report. A survey of 75 respondants with approximately 1/3 academic, 1/3 industry, and 1/3 investors. (more available)

Year end report from AppRiver using telemetry from the AppRiver security products and events observed by the AppRiver Security Analysts.

The annual report on trends in malware and hacked website from the incident response and malware research teams at GoDaddy Security /Sucuri. (more available)

An annual report derived from the Proofpoint customer base and the emails processed by the Proofpoint email security platform. Focuses on the “human factor” of organizational cyber security. (more available)

A survey of 166 US health information security professionals. Discusses the prevalence of significant security events (primarily e-mail based), positive advances in healthcare security, the threat of complacency when managing programs, and area where there are control gaps. (more available)

A combination of data from RiskIQ’s internet telemetry network and thought analysis, this report covers changes related to the COVID-19 pandemic, organization’s public attack surface, mobile threats, and the importance of JavaScript as an attack vector. (more available)

Covers the long tail of vulnerability patching, whereby vulnerabilities that are not fixed soon after detection can linger for months or more before being addressed. (more available)

The second annual application protection report (APR) from F5 Labs combines data from F5’s global customer base with network telemetry from Baffin Bay to catalog and analyze the major threats facing application security practitioners. (more available)

Verizon’s 2020 edition of the keystone DBIR. Covering breaches and attack trends across the previous year.

Trend Micro looks into the email security threat landscape, looking into threat types, number of threats, etc.

In this report, we’ll dig deeper into the survey results and present our own understanding of these statistics, as well as analysis from Dr. (more available)