Top Research & Reports

The Verizon DBIR analyzes thousands of confirmed breaches and security incidents contributed by law enforcement, forensic firms, and cyber insurers to map how breaches happen and who is behind them. Published annually, it is the most widely cited breach benchmark in the industry.

IBM's Cost of a Data Breach Report surveys hundreds of breached organizations across more than a dozen countries to quantify average breach cost, time to identify and contain, and cost factors such as AI governance and shadow AI. Research is conducted independently by the Ponemon Institute.

Mandiant's M-Trends draws on hundreds of thousands of hours of incident-response engagements to report on dwell time, initial infection vectors, and threat-actor tactics. A 17+ year staple for defenders, now published under Google Cloud.

The CrowdStrike Global Threat Report summarizes the Counter Adversary Operations team's analysis of eCrime and nation-state activity, popularizing metrics such as 'breakout time' and named adversary groups. Published annually and widely referenced by SOC and CISO audiences.

The ENISA Threat Landscape identifies prime threats, threat actors, and attack techniques across the EU, with mitigation guidance for technical and policy audiences. Published annually, it is the authoritative European public-sector threat reference.

Red Canary's Threat Detection Report ranks the most prevalent threats and techniques observed across customer environments via human-led investigation, mapped to MITRE ATT&CK. A practitioner-favored, detection-engineering-oriented benchmark published annually.

The ISC2 Cybersecurity Workforce Study surveys 14,000+ practitioners worldwide to size the workforce, quantify the talent and skills shortage, and gauge job sentiment and budget pressures. Published annually, it is the most-cited source on the cybersecurity skills gap.

Coalition's Cyber Claims Report analyzes actual claims across more than 100,000 policyholders to report on ransom demands, business email compromise and funds-transfer-fraud frequency, claims severity by company size, and recovery outcomes.

The Picus Red Report analyzes over a million malware samples annually, mapping millions of observed behaviors to MITRE ATT&CK to rank the techniques attackers use most, such as process injection and defense evasion. A focused, actionable prioritization reference for defenders.

The Chainalysis Crypto Crime Report uses blockchain analytics to quantify funds flowing to illicit and sanctioned crypto addresses, scams, ransomware, and stolen funds. Published annually, it is the standard reference for crypto-crime figures.

The Microsoft Digital Defense Report synthesizes insights from the trillions of daily security signals Microsoft processes to map nation-state activity, cybercrime, and emerging AI-era threats. Published annually, it is one of the broadest threat assessments available.

The IBM X-Force Threat Intelligence Index reports on the most common attack vectors, top actions on objective, and industry targeting based on IBM's incident response and threat intelligence data. Published annually, it is a key benchmark for how attackers gain and use access.

The Unit 42 Global Incident Response Report analyzes hundreds of incident response cases to surface trends in ransomware, extortion, initial access, and attacker dwell time. It is a practitioner-focused view grounded in real engagements.

The Fortinet Global Threat Landscape Report from FortiGuard Labs analyzes exploit, malware, and botnet activity across Fortinet's global sensor network to highlight the most active threats and attacker behaviors.

Sophos's State of Ransomware surveys thousands of IT and security leaders worldwide to quantify ransomware frequency, root causes, ransom payments, and recovery costs. Published annually, it is one of the most-cited ransomware benchmarks.

The Verizon Mobile Security Index assesses the state of mobile and IoT security, surveying organizations on threats, incidents, and the maturity of their mobile defenses. It is a leading reference for mobile-specific risk.

Sonatype's State of the Software Supply Chain analyzes open-source consumption, malicious package trends, and dependency risk across millions of projects. Published annually, it is the leading benchmark for software supply chain security.

Veracode's State of Software Security analyzes scan data from hundreds of thousands of applications to report on flaw prevalence, security debt, and remediation rates. It is one of the longest-running data-driven AppSec reports.

Orca Security's State of Cloud Security Report analyzes real cloud environments to surface the most common misconfigurations, exposures, and risky attack paths across AWS, Azure, and Google Cloud.

The Google Cloud Threat Horizons Report delivers cloud-focused threat intelligence and forecasts from Google's security teams, covering credential abuse, misconfigurations, and emerging cloud attack trends.

Europol's IOCTA is the European Union's flagship law-enforcement assessment of the cybercrime landscape, covering ransomware, online fraud, child sexual exploitation, and the criminal ecosystem enabling them.

The Imperva Bad Bot Report (by Thales) analyzes global web traffic to quantify the share of traffic driven by automated bots, including credential stuffing, scraping, and account takeover. It is the leading benchmark on bot activity.