Annual Security Reports

Awesome Annual Security Reports

A curated list of annual cyber security reports - Centralized annual cybersecurity analysis and industry surveys

Definition: The cybersecurity landscape is constantly evolving, making it hard for CIOs, CISOs, and security leaders to keep up. They're flooded with annual reports from research consultancies, industry working groups, non-profits, and government agencies, and sifting through marketing material to find actionable insights is a major challenge. This list aims to cut through the noise by providing a vendor-neutral resource for the latest security trends, tools, and partnerships. It curates information from trusted sources, making it easier for security leaders to make informed decisions.

Limitations: This is not a repository for project-specific documents such as white papers, intelligence reports, technical specifications, or standards. While all user-submitted uploads or report requests are welcome, we should draw a box around this awesome list.

Accessibility: When possible, all reports will be sourced from their original authors and uploaded to VirusTotal via a GitHub Action to provide an added level of confidence. The resulting analysis link will be included in the PDF commit notes. Additionally, all PDF reports will be converted to Markdown using AI, based on the AI Prompts defined in this repository.

Acknowledgement: I would like to give recognition for other works that inspired this collection. Richard Stiennon produces an annual, comprehensive industry analysis that surpasses the scope of this list and deserves attention. Additionally, Rick Howard's cyber canon list of must-read books is an invaluable resource, catering to both leadership and practitioner levels within the field.

Overview

Reports are organized into two main categories based on their data sources:

  • Analysis: Generated through quantification and qualification of data from sensor networks or cybersecurity services.
  • Survey: Derived from surveys, interviews, or consulting engagements that capture industry sentiment and practices.

The most recent versions of reports are listed below. Older editions are preserved in their corresponding yearly directories. Reports from sources that have not been updated in the last three years will no longer appear in this README.md but will remain accessible in the respective year's directory.

Reports are organized by their primary focus. Although many reports span multiple topics, this classification provides a clearer structure. Within each topic, reports are listed alphabetically.

Analysis Reports

Threat Intelligence

  • ArcticWolfLabs - Cybersecurity Predictions (2025) - Analyzes evolving threat landscapes and predicts key cybersecurity challenges for 2025. The report highlights the increasing sophistication of social engineering attacks, emphasizing the critical need for robust multi-factor authentication (MFA) implementations and vigilance against evolving tactics, techniques, and procedures (TTPs).
  • Australian Signals Directorate - Cyber Threat Report (2024) - Analyzes the Australian cyber threat landscape for 2023-2024, focusing on state actors, critical infrastructure attacks, cybercrime, hacktivism, and national resilience efforts. Key findings highlight a significant increase in ransomware attacks targeting critical infrastructure and a concerning rise in hacktivism motivated by geopolitical events.
  • BD - Product Security Annual Report (2023) - Analyzes the cybersecurity posture of BD's medical device ecosystem and its products. Key findings highlight the importance of collaborative vulnerability disclosure and the implementation of strong cybersecurity controls throughout the product lifecycle to mitigate risks within the healthcare sector.
  • Blackpoint - Annual Threat Report (2024) - Analyzes the 2023 cyberthreat landscape and emerging trends. Key findings highlight a concerning rise in exploitation of vulnerabilities like Citrix Bleed, alongside shifts in threat actor tactics and industry-specific vulnerabilities.
  • CheckPoint - Cybersecurity Report (2025) - Analyzes global cybersecurity events and trends in 2024, offering predictions and recommendations for CISOs in 2025. Key findings highlight the impact of AI and cloud advancements on cybercrime, emphasizing the need for proactive security measures and adaptive strategies.
  • Cisco - Cyber Threats Trends Report (2025) - Analyzes current cyber threat trends, focusing on information stealers, Trojans, ransomware, RATs, and APTs. Key findings reveal a significant increase in the sophistication and volume of attacks, particularly concerning the use of information stealers and the continued evolution of ransomware techniques.
  • CrowdStrike - Global Threat Report (2025) - Analyzes global threat trends and key adversary tactics for 2025. Significant findings include the increasing use of generative AI by adversaries, the persistent threat of social engineering, and the growing sophistication of cloud-based attacks targeting SaaS platforms.
  • CrowdStrike - Threat Hunting Report (2025) - Examines the evolving landscape of interactive cyber intrusions and the proactive threat hunting strategies required to counter advanced adversaries. Key findings reveal a 136% surge in cloud intrusions, the increasing use of generative AI by threat actors, and a dramatic rise in vishing attacks.
  • DarkTrace - Annual Threat Report (2024) - Analyzes the 2024 threat landscape, focusing on ransomware, email threats, and state-sponsored espionage. Key findings reveal the persistence of ransomware attacks, the increasing sophistication of LOTL techniques, and a notable rise in threats targeting operational technology and critical infrastructure sectors.
  • DeepInstinct - Threat Landscape Report (2025) - Analyzes global malware trends and ransomware attacks in 2024, offering predictions for 2025. Key findings highlight a continued rise in ransomware attacks targeting specific sectors, coupled with the evolving tactics of ransomware groups and the impact of sanctions and disclosures on their operations.
  • DeepWatch - Annual Threat Report (2024) - Analyzes 2023 adversary tactics and intelligence, focusing on observed trends and key threat actors. Key findings highlight the continued dominance of account compromise and ransomware incidents, alongside the persistent exploitation of critical vulnerabilities in internet-facing systems.
  • Department of Homeland Security - Threat Assessment (2025) - Analyzes homeland security threats in 2025, focusing on terrorism, transnational crime, and threats to critical infrastructure. Key concerns include the evolving tactics of nation-state actors, the persistent threat of cyberattacks targeting critical infrastructure, and the increasing challenges posed by transnational criminal organizations.
  • DNSFilter - Annual Security Report (2025) - Analyzes 2024 cybersecurity trends, focusing on data breaches and their impact across various regions. Key findings reveal a significant increase in threats related to natural disasters and election-related attacks, coupled with an uneven adoption of security measures among Managed Service Providers (MSPs).
  • Dragos - OT Cybersecurity Report A Year in Review (2025) - Analyzes the 2025 OT/ICS cybersecurity landscape, focusing on adversary tactics and defender progress. Key findings reveal a rise in OT-centric cyber operations fueled by geopolitical tensions, particularly the Ukraine-Russia conflict, and the increasing activity of threat groups like KAMACITE and ELECTRUM.
  • ENISA - Threat Landscape Report (2024) - Analyzes the 2024 threat landscape, focusing on evolving trends in cyberattacks and vulnerabilities. Key findings highlight the persistent threat of ransomware, the increasing sophistication of social engineering tactics, and a concerning rise in data breaches targeting critical infrastructure.
  • Ensign - Cyber Threat Landscape Report (2024) - Analyzes cybersecurity threat trends across the Asia-Pacific region in 2023. Key findings highlight the evolution of ransomware extortion tactics and the increasing sophistication of hacktivist groups, alongside a notable rise in attacks targeting digital infrastructure.
  • Expel - Annual Threat Report (2025) - Analyzes cybersecurity trends from 2024, focusing on cloud security, phishing, and other threats. Key findings reveal diverse threat actor tactics across various industries, highlighting the need for proactive detection and preventative measures.
  • FBI - Internet Crime Report (2024) - Analyzes 2024 cybercrime trends and complaint data reported to the Internet Crime Complaint Center (IC3). Key findings reveal a significant increase in cyber-enabled fraud complaints across various age groups, with notable regional disparities in reported incidents.
  • Flashpoint - Global Threat Intelligence Report (2025) - Analyzes the 2025 global cyber threat landscape, focusing on data breaches and information-stealing malware. Key findings reveal significant trends in unauthorized access methods and the evolving tactics used by threat actors, impacting various sectors and requiring updated security strategies.
  • Fortinet - Global Threat Report (2025) - Analyzes the evolving global threat landscape and attacker tactics. Key findings reveal a surge in cyber reconnaissance activity driven by automated scanning and a significant shift in attacker focus towards cloud environments and post-exploitation techniques.
  • Huntress - Threat Report (2025) - Analyzes the 2024 cyber threat landscape, focusing on ransomware attacks and their impact across various sectors. Key findings reveal a concerning increase in ransomware attacks targeting healthcare and technology sectors, with a notable rise in the use of Remote Monitoring and Management (RMM) tools for lateral movement.
  • IBM - X Force Threat Intelligence Index (2025) - Analyzes emerging cybersecurity threats and trends for 2025. Key findings highlight the increasing use of AI in attacks, the persistence of info-stealers, and the significant role of phishing and cloud-based infrastructure in successful compromises.
  • Kela - AI Threat Report (2025) - Analyzes the weaponization of AI by cybercriminals, focusing on emerging threats and attack vectors. Key findings reveal a 200% increase in mentions of malicious AI in 2024, highlighting the rapid growth of dark AI tools and their use in automated phishing, vulnerability research, and malware development.
  • Mandiant - M Trends (2025) - Analyzes global cybersecurity threats and trends in 2025. Key findings include insights into ransomware attacks, cloud compromises, and the evolving tactics of various nation-state actors.
  • Microsoft - Digital Defense Report (2024) - Analyzes the evolving cybersecurity threat landscape and key developments in threat actor motivations and tactics. Significant findings include the blurring lines between nation-state actors and cybercriminals, along with quantifiable data on nation-state threat activity.
  • Mimecast - Global Threat Intelligence Report H2 (2024) - Outlines a method for converting technical PDFs into Markdown. The key focus is on complete fidelity, preserving all content, structure, and formatting, including a functional Table of Contents and descriptions of images rather than embedding them.
  • National Cyber Security Centre - Cyber Threat Report (2024) - Analyzes New Zealand's cyber threat landscape for 2023-2024, focusing on state actors, critical infrastructure attacks, cybercrime, hacktivism, and national resilience efforts. Key findings highlight a notable increase in ransomware attacks targeting critical infrastructure and a growing sophistication of state-sponsored cyber operations.
  • NCC Group - Threat Monitor Report (2024) - Provides an analysis of current cyber threats, offering insights into attack trends, vulnerabilities, and strategies for improving organizational cybersecurity.
  • Office of the Director of National Intelligence - Annual Threat Assessment (2025) - This assessment analyzes the evolving threat landscape to U.S. national security posed by state and non-state actors. Key concerns include the increasing cooperation between adversarial states and the persistent threat from transnational criminal organizations, particularly in the illicit drug trade and extremist activities.
  • OrangeCyberDefense - Security Navigator (2025) - Analyzes the evolving cybersecurity threat landscape and proactive mitigation strategies. Key findings reveal a rise in cyber extortion, AI-driven attacks, and threats to operational and mobile networks, necessitating innovative defensive adaptations.
  • Picus - RedReport (2025) - Analyzes the ten most prevalent MITRE ATT&CK® techniques used by threat actors. Key findings reveal a high prevalence of techniques related to process injection, command execution, and credential harvesting, highlighting the persistent reliance on established attack vectors.
  • Rapid7 - Attack Intelligence Report (2024) - Analyzes vulnerability exploitation trends and ransomware attack vectors in 2023. Key findings reveal a rise in pre-patch exploitation and the continued prevalence of file transfer protocol vulnerabilities as initial access vectors for ransomware.
  • RecordedFuture - Cyber Threat Analysis Report (2024) - Analyzes the impact of SaaS application proliferation on cyberattacks in 2024. Key findings reveal the significant role of stolen credentials and MFA failures in data breaches, alongside the increased use of generative AI in influence operations and a rise in ransomware variants.
  • RedCanary - Threat Detection Report (2025) - Analyzes emerging threat detection trends in 2025, focusing on ransomware, initial access vectors, and identity-based attacks. Key findings reveal a significant increase in API abuse within cloud environments and the growing sophistication of AI-powered adversary emulation techniques.
  • ReliaQuest - Annual Threat Report (2025) - Analyzes 2024 cyber-threat trends, focusing on initial access tactics and their effectiveness. Key findings reveal inadequate logging as the root cause of most breaches, with session hijacking bypassing multi-factor authentication in all successful business email compromise incidents.
  • Secureworks - State of the Threat (2024) - Analyzes global cybercrime trends and threat actor activities throughout the year. Key findings reveal persistent cybercrime growth despite law enforcement efforts, coupled with significant increases in hacktivism and state-sponsored attacks.
  • SonicWall - Cyber Threat Report (2025) - Analyzes the evolving landscape of cyber threats in 2024, focusing on the rise of ransomware, BEC attacks, and the impact of AI-powered tools. Key findings highlight a significant increase in ransomware and BEC attacks, coupled with the concerning ease with which threat actors can leverage AI and readily available tools to launch sophisticated campaigns.
  • Sophos - Threat Report (2024) - Analyzes the evolving landscape of cybercrime, focusing on its impact on small and medium-sized businesses. Key findings reveal ransomware as a persistent major threat, exacerbated by the rise of cybercrime-as-a-service and the increasing sophistication of social engineering tactics.
  • Trellix - Advanced Threat Research Report (2024) - Analyzes global cyber threats and nation-state activity in June 2024. Key findings reveal a rise in APT group activity targeting specific regions, utilizing both malicious and non-malicious tools, with a notable focus on Volt Typhoon.
  • TrendMicro - Annual Cybersecurity Threat Report (2025) - Analyzes enterprise cyber risk exposure across sectors and regions using telemetry from Trend Vision One's Cyber Risk Index framework. Key findings show the education sector maintained the highest risk throughout 2024, while larger organizations exhibited greater exposure due to complex infrastructures and expanded attack surfaces.
  • Trustwave - Energy Utilities Risk Radar (2025) - Analyzes the unique cybersecurity challenges and evolving threat landscape facing the critical energy and utilities sector. Key findings highlight an 80% year-over-year increase in ransomware attacks, predominantly initiated by phishing (84%) and leveraging remote services for lateral movement (96%).
  • Trustwave - Healthcare Risk Radar (2025) - Analyzes the evolving cybersecurity risk profile of the healthcare sector, detailing emergent threats and vulnerabilities. Key findings reveal that 45% of attacks originated from exploiting public-facing applications, with ransomware groups like Ransomhub and LockBit 3.0 predominantly targeting US-based healthcare organizations.
  • Trustwave - Hospitality Risk Radar (2025) - Examines the persistent threat landscape and unique cybersecurity challenges facing the hospitality sector. Key findings highlight a massive attack surface from publicly exposed services, which account for 61.5% of initial access attempts, and a significant volume of critical vulnerabilities.
  • United States Department of Defense - OSINT Strategy 2024–2028 (2024) - Outlines the Department of Defense's approach to open-source intelligence (OSINT) as a vital resource for decision-makers and warfighters, emphasizing OSINT's role in enhancing situational awareness and operational effectiveness.
  • Upstream - Global Automotive Cybersecurity Report (2025) - Analyzes the expanding cybersecurity gap in the automotive and smart mobility sectors. Key findings reveal a surge in ransomware attacks in 2024 and the increasing vulnerability of critical infrastructure due to the proliferation of smart mobility devices.
  • WatchGuard - Threat Report (2025) - Analyzes network and endpoint threat activity observed across WatchGuard security appliances in Q1 2025. Notable findings include a 171% spike in network-detected malware per device and a 712% increase in new, unique endpoint malware samples, signaling a surge in evasive and novel threats.
  • United States White House - Cybersecurity Posture of the United States (2024) - Analyzes the cybersecurity posture of the United States in 2024. Key findings highlight evolving risks to critical infrastructure, the persistent threat of ransomware, and the increasing exploitation of supply chains alongside the growing use of commercial spyware and the implications of artificial intelligence.

Application Security

  • BlackDuck - Software Vulnerability Snapshot Report (2024) - Analyzes the 2024 software vulnerability landscape, focusing on the top ten vulnerability classes identified. A significant increase in critical-risk vulnerabilities was observed across multiple sectors, highlighting the urgent need for enhanced security testing methodologies.
  • BlackDuck - Open Source Risk Analysis Report (2025) - Analyzes open source software risk, detailing findings related to security vulnerabilities, licensing issues, and component maintenance based on audit data. Significant findings reveal open source in nearly all codebases (97%), with a striking 90% containing components over four years out-of-date and 64% being untrackable transitive dependencies.
  • Chainguard - State of Hardened Container Images Report (2024) - Focuses on the security posture of hardened container images, specifically comparing Red Hat UBI variants with Chainguard Images. The analysis reveals key differences in image composition and security practices, highlighting the importance of digital signatures and SBOM inclusion for mitigating software vulnerabilities in containerized environments.
  • DigitalAI - Application Security Threat Report (2025) - Quantifies evolving risks in modern application security. Key findings highlight industry trends, attack data categorized by industry and OS (Android vs. iOS), and regional variations in attack rates.
  • Escape - State of API Exposure (2024) - Analyzes API security across Fortune 1000 and CAC 40 companies, uncovering 30,000 exposed APIs and 100,000 API issues, emphasizing risks in large organizations. Key findings reveal the pervasive nature of API security issues and the need for improved security measures.
  • GitGuardian - State of Secrets Sprawl (2025) - Analyzes the prevalence of secrets sprawl in 2024, focusing on the types of secrets exposed and their locations within software development lifecycles. Key findings reveal that generic secrets comprise 58% of all detected leaks, private repositories are eight times more likely to contain secrets than public ones, and collaboration tools represent a significantly overlooked source of exposure.
  • Grip - SaaS Security Risks Report (2025) - Outlines key security risks associated with the growing adoption of SaaS applications, including trends in usage across industries and specific SaaS app statistics. Key findings reveal a significant increase in shadow SaaS deployments and the rapid growth of AI-powered tools, posing substantial and largely unmanaged security risks.
  • Kodem - State of AppSec Workflow (2025) - Analyzes application security workflows, identifying key bottlenecks and pain points in current practices. The primary bottleneck is remediation, exacerbated by alert fatigue and inefficient vulnerability triage, highlighting the need for increased automation and adaptation to modern development environments.
  • LegitSecurity - State of Application Risk Report (2025) - Examines the current state of application risk in 2025, focusing on common vulnerabilities and security testing inefficiencies. Key findings reveal significant issues with secrets exposure, AI-related risks, and software supply chain vulnerabilities, highlighting a need for improved security practices across the software development lifecycle.
  • RunZero - Research Report (2024) - Examines a broad range of organizational and network security issues through an innovative asset-centric approach, with a focus on "dark matter" in networks, segmentation issues, and unusual asset detection. Key findings highlight the risks associated with unusual assets and the resurgence of older threats alongside emerging vulnerabilities, emphasizing the need for specific AI-driven security solutions.
  • Salt - State Of API Security (2025) - Highlights the persistent challenges and evolving landscape of API security, driven by rapid digital transformation and cloud migration. Despite widespread API adoption and a nearly universal encounter with security issues, many organizations struggle with accurate inventory, real-time monitoring, and robust posture governance, alongside emerging GenAI-driven risks.
  • Sonatype - Open Source Malware Threat Report (2024) - Examines the proliferation of open source malware, or malicious open source packages posing unprecedented risks in the form of software supply chain attacks. Key highlights include a 156% year-over-year increase in malicious open source packages, highlighting the growing threat of intentionally crafted malware in software supply chain attacks.
  • United States Department of Defense - State of DevSecOps (2025) - Focuses on the adoption of DevSecOps practices within the United States Department of Defense. A key finding is the Air Force's launch of a new software directorate, highlighting a move towards integrating security earlier in the software development lifecycle.
  • Veracode - State Of Software Security Report (2025) - Analyzes the evolving state of software security, examining key metrics for maturity and risk management, particularly in the AI era. Key findings indicate a significant increase in high-severity flaws and average fix times despite improved OWASP Top 10 pass rates, with 70% of critical security debt originating from third-party code.
  • Wallarm - API Threat Stats Report (2025) - Examines API security threats in Q1 2025, focusing on the impact of agentic AI systems and evolving cloud-native infrastructure. Key findings highlight a rapid increase in API breaches driven by increasingly sophisticated attack vectors and a surge in software supply chain vulnerabilities.
  • Wiz - State of Code Security (2025) - Examines the security posture of code repositories and CI/CD pipelines, highlighting the deep connection between code and cloud environments. It reveals that 61% of organizations have secrets exposed in public repositories, with GitHub dominating the VCS landscape but also exhibiting a significantly higher ratio of public repositories with insecure workflow permissions and weak branch protection.

Cloud Security

  • Censys - State of the Internet (2024) - Analyzes the internet exposure of Industrial Control Systems (ICS), focusing on the vulnerabilities beyond simple protocol exposure. Key findings reveal a complex security landscape where human-machine interface vulnerabilities and outdated protocols pose significant risks, demanding a more nuanced approach to ICS security.
  • Google - Threat Horizons Report (2025) - Analyzes evolving cloud security threats, focusing on advanced actor tactics for evasion, persistence, and supply chain compromise across cloud environments.
  • Hornet - Cybersecurity Report (2025) - Analyzes the current Microsoft 365 threat landscape, focusing on email security trends and attack techniques. Key findings reveal a significant increase in sophisticated attacks utilizing brand impersonation and malicious attachments, with notable variations in threat levels across different business sectors.
  • IBM - X-Force Cloud Threat Landscape Report (2024) - Analyzes the evolving cloud threat landscape and its impact across various industries. Key findings reveal a significant increase in cloud-based attacks targeting SaaS platforms and a concerning rise in security rule failures within cloud environments.
  • Sysdig - Cloud Native Security and Usage Report (2025) - Analyzes cloud-native security trends and usage patterns in 2025. Key findings reveal a significant increase in the adoption of runtime security tools and a growing focus on securing AI/ML workloads, alongside persistent challenges in managing identities across human and machine interactions.
  • Wiz - Cloud Data Security Snapshot (2025) - Analyzes current cloud data security exposure trends. A significant finding reveals that 54% of cloud environments have exposed assets containing sensitive data, highlighting the critical need for improved access controls and vulnerability management.
  • Wiz - State of AI in the Cloud (2025) - Analyzes the current state of AI in cloud environments, focusing on adoption rates, security challenges, and governance issues. Key findings reveal DeepSeek's rapid growth and the continued dominance of OpenAI, alongside a rising trend of self-hosted AI deployments and stabilized adoption of AI managed services.

Vulnerabilities

  • BeyondTrust - Microsoft Vulnerability Report (2025) - Analyzes the 2024 landscape of Microsoft vulnerabilities and their long-term trends. Key findings indicate a record high of 1,360 total vulnerabilities, alongside an all-time low of 78 critical vulnerabilities, though Microsoft Edge saw an unexpected rise in critical issues.
  • Chainguard - The Cost of CVEs (2025) - Analyzes the financial impact of CVE management on organizations using containerized environments. Key findings indicate that mid-market organizations can unlock significant value through decreased risk ($2.8M), increased revenue ($2.2M), and faster innovation ($3.3M) by improving their CVE management practices and compliance.
  • Edgescan - Midyear Vulnerability Statistics Report (2025) - Provides mid-year vulnerability statistics and insights drawn from extensive full-stack security assessments and penetration tests. Key findings indicate vulnerabilities are nearly equally dispersed across network/cloud and web application layers, though network/cloud exhibits a higher proportion of critical findings while web applications show greater vulnerability density per asset.
  • Flexera - Annual Vulnerability Review (2024) - Provides software vulnerability trends and threat intelligence from 2024. Key findings highlight the criticality of advisories and their impact, along with an examination of advisory rejection rates and the prevalence of vulnerabilities across various assets.
  • Synack - State of Vulnerabilities Report (2024) - Analyzes trends in software vulnerabilities affecting large enterprises and government agencies. Key findings reveal a 180% surge in real-world vulnerability exploitation across five industries (healthcare, financial services, U.S. federal government, technology and manufacturing).

Ransomware

  • Gen - Threat Report (2025) - Examines prevalent cyber threats and their impact on ordinary users during Q2/2025. Notable insights reveal the first instance of AI-powered ransomware, a staggering 340% increase in Facebook-based financial scams, and a 317% rise in malicious push notifications.
  • Guidepoint - GRIT Ransomware Annual Report (2025) - Analyzes ransomware and cyber threat trends in 2025, focusing on ransomware taxonomy, threat actors, and impacted industries. Key findings include an in-depth look at the RansomHub threat actor and a spotlight on critical infrastructure vulnerabilities, along with an analysis of post-compromise detection methods.
  • PaloAlto - Ransomware Review (2024) - Analyzes ransomware trends during the first half of 2024. Key findings include the impact of law enforcement takedowns on various threat groups, the emergence of fraudulent activities by some groups post-takedown, and the observed retirement or transition of several significant players.
  • Veeam - Ransomware Trends (2025) - Analyzes the evolving ransomware threat landscape and proactive resilience strategies for 2025. Key findings reveal a slight decrease in overall attack impact, a significant decline in ransom payments, and a rise in data exfiltration attacks as threat actors adapt to increased law enforcement pressure.
  • Vipre - Email Threat Report (2025) - Examines email-based threat trends and evolving social engineering tactics observed in Q2 2025, emphasizing human-centered attacks. Key findings highlight the sustained targeting of manufacturing and retail, a significant shift towards customized phishing deployments, and BEC scams increasingly localized to Scandinavian languages.
  • Zscaler - Threatlabz Ransomware Report (2025) - Examines the current ransomware landscape, detailing top trends, targets, and evolving attack methodologies. Key findings reveal a 145.9% surge in blocked ransomware attempts and a 92.7% increase in data exfiltration, signaling a broader shift towards data-only extortion, with generative AI further enhancing attack sophistication.

Data Breaches

  • Cyentia - Information Risk Insights Study (2025) - Analyzes incident probability and the increasing risks associated with third-party relationships. A key finding is that incident probability has almost quadrupled in the last 15 years, driven in part by threat actors exploiting trusted relationships with external service providers to compromise target organizations.
  • IBM - Cost Of A Data Breach Report (2025) - Analyzes the financial impact of data breaches, with a significant focus on the emerging risks and benefits associated with artificial intelligence adoption. While global average breach costs declined to USD 4.44 million due to AI-powered defenses, findings reveal that 97% of AI-related breaches lacked proper access controls, and 16% involved AI-driven attacks.
  • Verizon - Data Breach Investigations Report (2025) - Analyzes data breach trends and patterns from 2025. Key findings reveal a significant increase in social engineering attacks and a persistent reliance on easily exploitable web application vulnerabilities, highlighting the need for improved employee security awareness training and robust application security measures.
  • Identity Theft Resource Center - Annual Data Breach Report (2024) - Analyzes 2024 data breaches, focusing on trends in identity theft and compromise notifications. Key findings reveal a continued high volume of breaches across various sectors, with little impact observed from current data disclosure requirements.

Physical Security

  • Genetec - State of Physical Security (2025) - Analyzes the current state of physical security, focusing on global trends and challenges in 2025. Key findings reveal persistent recruiting difficulties, fluctuating budgets impacting project timelines, and the growing influence of IT in physical security decisions alongside increasing cloud adoption.
  • Security Industry Association - Security Megatrends (2025) - This report outlines eight key security megatrends for 2025. Significant trends highlighted include the increasing importance of AI-driven security automation, the convergence of IT and OT security, and the democratization of identity and mobile credentials.
  • Nozomi - Networks OT IoT Security Report (2025) - Analyzes operational technology (OT) and internet of things (IoT) cybersecurity trends in the second half of 2024. Key findings reveal a significant increase in sophisticated attacks targeting industrial control systems, highlighting the growing need for robust security measures in critical infrastructure.
  • Trustwave - Manufacturing Risk Radar Report (2025) - Analyzes the evolving threat landscape for the manufacturing sector in 2025. Key findings highlight the increasing convergence of IT and OT systems, a persistent rise in ransomware attacks, and the need for enhanced security measures across all attack stages.

AI and Emerging Technologies

  • Australian Institute of Company Directors - Directors Introduction to AI (2025) - Offers practical guidance for directors on establishing robust AI governance frameworks, adapting to the technology's unique characteristics. The guide highlights a critical gap in current board oversight of AI, advocating for bespoke governance frameworks that address AI's unique risks, data dependencies, and the imperative for ethical deployment.
  • IT Harvest - State Of Cyber (2025) - Examines the performance and key trends of the global cybersecurity industry during H1 2025. Key insights include an overall market contraction of 6.4% in vendor growth, juxtaposed with AI Security emerging as a dominant sector, comprising nearly one in three new startups.
  • Okta - Secure Sign in Trends Report (2024) - Analyzes multi-factor authentication (MFA) adoption trends and authenticator usage. Key findings reveal variations in adoption rates across regions, industries, and organization sizes, with specific insights into the security and usability of different authenticator types.
  • Orca - State Of AI Security Report (2024) - Examines the state of AI security within cloud environments, detailing usage patterns, common misconfigurations, and identified risks. Key findings reveal that over half of organizations deploy custom AI models, frequently accept insecure default settings, and face a high prevalence of low-to-medium risk vulnerabilities in AI packages.
  • Pindrop - Voice Intelligence And Security Report (2025) - Examines the evolving landscape of voice intelligence and security, focusing on the impact of generative AI on fraud. Key findings reveal a more than 1,300% surge in deepfake attacks and a 26% increase in overall fraud attempts, with deepfake fraud projected to rise by 162% in 2025.
  • Reco - State Of Shadow AI Report (2025) - Examines the pervasive adoption and inherent security risks of unsanctioned AI tools across enterprises. Key findings reveal OpenAI accounts for 53% of all shadow AI usage, while many popular tools lack fundamental security controls and persist unsanctioned for over 400 days on average.
  • Zscaler - AI Security Report (2025) - Examines the multifaceted landscape of artificial intelligence in cybersecurity, covering AI/ML adoption trends, AI-driven threats, and essential security capabilities. Key findings highlight an exponential 36x year-over-year increase in AI/ML tool usage, with enterprises blocking nearly 60% of all AI/ML transactions due to data security concerns.
  • Zimperium - Global Mobile Threat Report (2025) - Analyzes the evolving global mobile threat landscape, detailing prevalent attack vectors targeting enterprise mobile devices and applications. Key findings highlight a surge in mobile phishing (mishing), the pervasive risk of unupgradable devices (25.3%), and the growing threat of sideloaded applications present on nearly a quarter of enterprise devices.

Survey Reports

  • Accenture - State of Cybersecurity Resilience (2025) - Analyzes the widening gap between AI adoption and cybersecurity maturity across global enterprises. Key findings reveal only 13% of organizations possess advanced capabilities to defend against AI-driven threats, while just 10% have reached a proactive security posture that significantly reduces attack risk and technical debt.
  • Aon - Intangible vs. Tangible Risk Report (2024) - Analyzes the evolving risks associated with intangible assets like AI and intellectual property (IP) in the context of cybersecurity. Key findings reveal that generative AI and cybersecurity are top CEO concerns, and new AI regulations may inadvertently increase litigation related to intellectual property rights.
  • CompTIA - State of Cybersecurity (2025) - Analyzes the current state of cybersecurity, focusing on organizational priorities, incident impact, and workforce development needs. Key findings reveal that cybersecurity is a high priority for 59% of organizations, yet 56% experienced significant incident impact, highlighting a critical skills gap and the growing influence of generative AI on cybersecurity strategies.
  • Deloitte - Future of Cyber Survey (2024) - Explores the evolving role of cybersecurity in driving strategic business value. Key findings reveal a growing influence of CISOs within the C-suite and a deepening integration of cybersecurity into technology-driven business programs.
  • FERMA - Global Risk Manager Survey Report (2024) - Analysis of global risk management practices across 77 countries and six regional associations. Key findings reveal a significantly increased focus on corporate strategy integration and the growing maturity of enterprise risk management models, particularly concerning sustainability risks.
  • ISC2 - Cyberthreat Defense Report (2024) - Examines the current state of cyberthreat defense, including emerging threats and defense strategies across various industries. Key findings reveal a persistent skills shortage alongside growing concerns about AI's dual impact on cybersecurity, both enhancing defenses and creating new attack vectors.
  • KnowBe4 - Cybersecurity Culture Report (2024) - Explores the state of cybersecurity culture in organizations, highlighting trends and best practices across different sectors. Key findings indicate that security culture varies greatly across the world and that a siloed approach is not sustainable in our fully connected world.
  • Kong - API Security Perspectives (2025) - Outlines the growing threat of AI-enhanced attacks on APIs, emphasizing the rising risks associated with these new types of threats and the need for robust API security measures.
  • Norton - Cyber Safety Insights Report (2024) - Provides insights into consumer cyber safety trends and challenges across various industries. Key findings reveal that one in four users have been targeted by dating scams, and nearly one-third have experienced catfishing, highlighting the significant prevalence of online dating fraud.
  • Proofpoint - Voice of the CISO Report (2024) - Insights into the perspectives and challenges faced by Chief Information Security Officers across different sectors. Key findings reveal persistent concerns around human error and insider threats, coupled with growing confidence in navigating evolving cybersecurity landscapes.
  • PWC - Global Digital Trust Insights Report (2025) - Examines the current state of cyber resilience, identifying critical gaps in organizational preparedness and implementation. Key findings reveal only 2% of organizations have fully implemented cyber resilience actions, alongside significant gaps in CISO involvement in strategic planning and a confidence disparity between CEOs and CISOs regarding AI regulations.
  • Salt - CISO and CIO Investment Priorities (2025) - Surveys key cybersecurity investment priorities for CISOs and CIOs in 2025, as detailed in a white paper by Osterman Research and sponsored by Salt Security. Key findings highlight shifts in priorities based on evolving threat landscapes and increased focus on incident response and proactive security measures.
  • SANS - Cyber Threat Hunting Survey (2025) - Analyzes the decade-long evolution of threat hunting capabilities within organizations, addressing persistent challenges posed by AI adoption and cloud environments.
  • Splunk - State Of Security (2025) - Examines the evolving challenges and future strategies for Security Operations Centers (SOCs). Highlights that inefficiencies, primarily from excessive tool maintenance and alert overload, significantly hinder operations, while AI is becoming a key driver for efficiency despite prevalent trust concerns.
  • Team8 - CISO Survey (2025) - Outlines critical trends and strategic imperatives shaping the future of cybersecurity, based on the 2025 CISO Village Survey. Notable findings reveal record cybersecurity budget increases, a dual perception of AI as both a threat and a defensive tool, and heightened CISO personal liability amidst stringent regulatory changes.
  • Vanta - State of Trust Report (2024) - Explores the growing challenges in building and maintaining trust for organizations, focusing on security risks, compliance burdens, and the increasing third-party vendor risks. Key findings reveal the increasing difficulty of managing compliance burdens, third-party risks, and the impact of AI adoption on security posture.
  • Verizon - Mobile Security Index (2024) - Provides insights into mobile and IoT security risks, focusing on their amplified impact within critical infrastructure sectors. Key findings reveal a widespread perception of increased risk across all sectors, with significantly higher breach risks and impacts observed in critical infrastructure due to high IoT usage.
  • World Economic Forum - Global Cybersecurity Outlook (2025) - Provides a global perspective on cybersecurity trends and challenges, exploring the impact of emerging technologies, geopolitical tensions, and cybercrime. Key findings reveal a growing complexity in cyberspace, driven by increased digitalization and interconnectedness, necessitating proactive and adaptive security strategies.

Application Security

  • BlackDuck - Global State of DevSecOps (2024) - Provides insights into the current state of DevSecOps, focusing on the impact of AI-assisted coding and evolving security testing practices. Key findings reveal a significant shift towards AI-driven security testing, alongside challenges in effectively interpreting and acting upon resulting security test data.
  • Checkmarx - Future Of Application Security (2025) - Analyzes the current state and future challenges of application security amidst rapid developer velocity and the pervasive integration of AI in development workflows.
  • Checkmarx - State of Software Supply Chain Security (2024) - Provides insights into current trends in supply chain threats across industries such as banking and finance, insurance, software, technology, engineering, manufacturing, industrial, and public sector. Key findings reveal a significant reliance on Software Composition Analysis (SCA) as a foundational element, while the adoption of Software Bill of Materials (SBOMs) and broader interdisciplinary SSCS programs lags behind.
  • Cycode - State of Application Security Posture Management (2025) - Examines application security challenges and strategies from the perspectives of CISOs, AppSec Directors, and DevSecOps managers across the UK, US, and Germany. Key findings reveal inefficiencies strain the relationship between security and development teams, eroding trust and hindering productivity.
  • Cypress Data Defense - State of Application Security Report (2025) - Reveals a growing crisis in application security, with 62% of organizations knowingly releasing insecure code to meet delivery deadlines. The report highlights burnout among security teams, resource constraints, and a troubling misalignment between AppSec budgets and actual breach risk. Based on a survey of 250 senior IT and security leaders across North America, findings show breach costs averaging $9.48M per incident while nearly 90% of organizations dedicate only 11–20% of their security budgets to AppSec.
  • Snyk - State of Open Source Security (2024) - Examines the current state of open source security, including trends and challenges across various industries. Key findings indicate a plateau in OSS security improvements, with concerning declines in several key areas such as dependency tracking and a lack of significant year-over-year progress in supply chain security maturity.
  • Traceable - Global State of API Security (2025) - Annual survey gathering insights from 1,548 respondents across 100+ countries on the state of API security. Key findings reveal a persistent increase in API-related breaches, the inadequacy of traditional security solutions, and the growing risk posed by bot attacks and the integration of generative AI.

Cloud Security

  • Crowdstrike - SaaS Security Posture Management (2025) - Analyzes the 2024 SaaS Security Posture Management market, benchmarking companies' innovation and growth potential. Key findings highlight a competitive landscape with significant growth opportunities and best practices for companies seeking to improve their security posture.
  • Fortinet - Cloud Security Report (2025) - Examines the state of cloud security, focusing on deployment strategies, multi-cloud adoption, and prevalent security concerns. Key findings reveal low confidence in real-time threat detection and a persistent cybersecurity skills gap, highlighting the need for increased investment and improved security practices.
  • Google - Cybersecurity Forecast 2025 (2025) - Insights from Google Cloud leaders on emerging cybersecurity trends. Key predictions include the continued rise of ransomware and multifaceted extortion, the increasing use of AI by attackers, and the persistent threat from state-sponsored actors like China, Russia, Iran, and North Korea.
  • ISC2 - Cloud Security Report (2024) - Provides insights into 2024 cloud security trends and challenges, focusing on multi-cloud environments and the adoption of DevSecOps. Key findings reveal significant barriers to advancing cloud maturity, particularly regarding skills gaps and the complexities of streamlining cloud compliance across multiple platforms.
  • PaloAlto - State of Cloud Native Security Report (2024) - Examines the current state of cloud-native security, including trends, challenges, and best practices across different sectors. Key findings include significant law enforcement actions against several prominent ransomware groups, resulting in arrests, takedowns, and the apparent retirement of some actors, alongside the emergence of new groups and fraudulent activities.
  • Sonatype - State of Cloud Security Report (2024) - Provides insights into the state of cloud security and software supply chain management across different sectors. Key findings highlight the increasing sophistication of attacks leveraging shadow downloads to bypass repository managers and the significant number of compromised packages discovered.

Identity Security

  • Astrix - State of Non Human Identity (2024) - Highlights growing concerns over non-human identities as attack vectors, limited automation and visibility into API and third-party connections. Key findings reveal low confidence in preventing NHI-based attacks, coupled with significant challenges in managing basic security controls like permissions and API keys, highlighting a critical need for improved NHI security practices.
  • ConductorOne - Identity Security Outlook Report (2024) - Highlights how increasing technological and organizational complexity are driving new identity risks. Key findings reveal increasing budgets for identity and access management, coupled with a growing adoption of zero standing privileges to mitigate escalating identity-based threats.
  • CyberArk - Identity Security Threat Landscape Report (2024) - Examines the impact of cyberattacks on identity, including cyber debt, GenAI, machine identities, and third- and fourth-party risks. Key findings reveal a growing "cyber debt" fueled by these factors, highlighting the need for proactive security strategies.
  • CyberArk - State of Machine Identity Security Report (2025) - Focuses on the critical and often-overlooked area of machine identity security. Key findings reveal that a significant percentage of organizations are concerned about risks stemming from compromised machine identities (37%) and expired certificates (36%), highlighting a lack of visibility and control over secrets management.
  • Hypr - State of Passwordless Identity Assurance (2025) - Focuses on the adoption and impact of passwordless identity assurance. Key findings indicate a growing momentum for passwordless authentication in the enterprise, with usage increasing by 10% compared to the previous year.
  • IDS Alliance - 2024 Trends in Securing Digital Identities (2024) - Provides insights into current plans, historical trends, and approaches to cybersecurity and identity management. Key research found that 22% of businesses see managing and securing digital identities as the number one priority of their security program, up from 17% in 2023.
  • ManageEngine - Identity Security Survey (2024) - Explores global identity security readiness across industries and roles, examining the rising tide of AI-driven phishing, social engineering, and credential theft. Key findings reveal a significant gap between perceived and actual IT ecosystem visibility and control, highlighting the urgent need for improved identity security posture across organizations.
  • Omada - State Of Identity Governance (2025) - Focuses on the state of identity governance in large organizations, leveraging insights from a survey of IT and business leaders. Despite increased cybersecurity funding, organizations struggle with high IGA total cost of ownership and persistent excessive access permissions, driving a demand for modern cloud-based, AI-driven solutions to automate manual processes.
  • Orca - State of Cloud Security Report (2025) - Analyzes security challenges in multi-cloud environments, with a focus on AI risk, data exposure, and neglected assets. Key findings reveal that 62% of organizations have at least one vulnerable AI package, 38% expose sensitive databases to the public, and 13% possess a single asset with over 1,000 potential attack paths.
  • PushSecurity - Identity Attacks (2024) - Highlights that 2024 is seeing a rise in identity-based attacks, as attackers increasingly target vulnerable identities now that identity has become the new security perimeter. Key findings reveal a significant increase in account takeovers via exploited identities, highlighting the evolving attack landscape and the substantial financial gains for perpetrators.
  • SailPoint - Horizons of Identity Security (2024) - Explores the evolving landscape of identity security, emphasizing its role in mitigating cyber risks while enhancing business value and productivity. Key findings highlight the potential for strategic investments to improve security posture and deliver higher returns, particularly among organizations demonstrating advanced maturity levels.
  • Semperis - Ransomware Risk Report (2025) - Analyzes the global ransomware landscape, evaluating attack frequency, success rates, and the critical role of identity infrastructure. Key findings indicate a modest global decrease in ransomware success, yet 78% of organizations were still targeted, with 83% of attacks compromising identity infrastructure, and 15% of victims receiving no decryption keys after payment.
  • Varonis - The Identity Crisis (2024) - Analyzes the prevalence of cyberattacks in 2024, focusing on the crucial role of stolen identities. The report reveals that credential stuffing and similar methods are the most common attack vectors, enabling attackers to maintain undetected access for extended periods to exploit vulnerabilities and exfiltrate sensitive data.

Penetration Testing

  • Bugcrowd - The Total Economic Impact Of Bugcrowd Managed Bug Bounty (2024) - Analyzes the economic benefits and impacts of Bugcrowd's managed bug bounty programs, supported by data-driven insights from Forrester. Key findings reveal significant cost savings through early vulnerability detection and remediation, exceeding the program's cost by a substantial margin.
  • Cobalt - State of Pentesting (2025) - Offers an overview of the current state of penetration testing, including trends, challenges, and best practices across various industries. A key finding reveals a significant increase in manual penetration testing alongside the emergence of AI-driven attacks and vulnerabilities, necessitating a refined pentesting maturity model.
  • Fortra - Penetration Testing Report (2024) - Provides insights into the current landscape of penetration testing, including common vulnerabilities and industry-specific challenges. Key findings reveal a growing reliance on third-party services, coupled with increasing concerns about phishing attacks and the need for more frequent testing across diverse environments.
  • HackerOne - Hacker Powered Security Report (2024) - Explores the state of hacker-powered security, including trends in bug bounty programs and vulnerability disclosure across industries. Key findings highlight the expanding expertise of security researchers into AI, APIs, and an emphasis on layered security defenses.
  • NCC Group - Annual Research Report (2024) - Highlights NCC Group's 25 years of research, covering topics from cryptography to hardware and embedded systems. Key highlights include pioneering research, innovative tools, and active community engagement, showcasing a year of significant advancements in the field.

Privacy and Data Protection

  • Cisco - Privacy Benchmark Study (2025) - Highlights evolving trends in data privacy, examining the impact of regulation, investment, and the increasing role of artificial intelligence. Key insights reveal a paradoxical preference for local data storage despite higher trust in global providers, sustained positive impact from privacy legislation, and growing organizational focus on AI governance.
  • Code42 - Annual Data Exposure Report (2024) - Highlights insider threat risks and trends based on insights from over 700 security professionals. Key findings reveal a significant increase in insider-driven data loss and the growing influence of emerging technologies on data exposure trends.
  • Drata - State of GRC (2025) - Focuses on the evolving role of Governance, Risk Management, and Compliance (GRC), transitioning from a cost center to a strategic business driver. A key finding highlights the challenges GRC teams face in balancing compliance complexity and business growth, including concerns about AI hallucinations providing improper GRC guidance.
  • Hyperproof - IT Risk and Compliance Benchmark Report (2025) - Examines the state of IT risk and compliance, focusing on the maturation of GRC programs and trends in framework adoption. Key findings reveal the maturing of GRC programs, evolving framework adoption, and the increasing significance of third-party risk management as a major concern.
  • Immuta - State of Data Security Report (2025) - A survey of 700+ data professionals examines the current state of data security, including challenges, trends, and best practices across various industries. Key findings reveal that security and access remain top concerns amidst growing data demands, with people, processes, and technology all contributing to the complexities.
  • ISACA - State of Privacy (2025) - Outlines key trends in global privacy practices, including staffing needs, budget constraints, and the increasing integration of AI in privacy operations. Key findings reveal significant skill gaps and difficulties in staff retention, coupled with increasing reliance on AI for privacy initiatives and a growing concern over privacy breaches.
  • Kiteworks - Forecast for Managing Private Content Exposure Risk (2025) - Outlines 12 predictions for managing private content exposure risk, based on cybercrime, cybersecurity, and compliance trends focusing on sensitive content communications. Key predictions highlight the evolving global data privacy landscape, the increasing importance of secure content collaboration, and the need for robust API security to manage these risks effectively.
  • Proofpoint - Data Loss Landscape (2024) - Provides an overview of the data loss landscape, including trends and challenges faced by organizations across various industries. Key findings reveal significant financial costs associated with data breaches stemming from malicious and negligent insiders, highlighting a critical need for improved data loss prevention strategies.
  • Proofpoint - Global Email Security Market Report (2024) - Benchmarks 21 top email security vendors, highlighting growth opportunities and market trends. Key findings highlight the significant pressure on vendors to adapt to the rapidly evolving threat landscape and maintain solution efficacy.

Ransomware

  • Cybereason - Ransomware The True Cost to Business (2024) - Examines the true cost of ransomware attacks on businesses across different sectors. Key findings reveal the evolution of ransomware beyond simple data encryption, highlighting its increasingly sophisticated methods and the significant financial and operational consequences for victims.
  • Sophos - State Of Ransomware (2025) - Outlines the state of ransomware in 2025, examining technical and operational attack vectors, data handling, and the financial and human costs of incidents. Notably, data encryption rates are at a six-year low of 50%, and median ransom payments dropped by 50%, though exploited vulnerabilities remain the leading attack vector.
  • Spycloud - Ransomware Defense Report (2024) - Examines malware and ransomware defense strategies and trends across different sectors. Key findings reveal a resurgence in ransomware attacks and highlight the increasing sophistication of malware, including stealthy stealers and the significant risk posed by third-party exposures.

AI and Emerging Technologies

  • Calypso AI - Insider Threat Report (2025) - Analyzes the evolving landscape of internal AI adoption and its security implications across various organizational levels and industries.
  • Cisco - State of AI Security (2025) - Analyzes the emerging AI security risks and attack vectors within the AI threat landscape. Key findings reveal a growing need for proactive AI security research and the development of robust policies to mitigate these risks.
  • HiddenLayer - AI Threat Report (2024) - Provides insights into the AI threat landscape across various industries. Key findings highlight the increasing threats of adversarial AI attacks, including deepfakes and data privacy breaches, and the vulnerabilities of AI-based systems to supply chain attacks.
  • ICONIQ - The AI Builders Playbook (2025) - Focuses on the "how-to" of conceiving, delivering, and scaling AI-powered offerings, including product roadmap, go-to-market strategies, talent, cost management, and internal productivity. Key findings indicate that AI-native companies are rapidly scaling products, with agentic workflows being the most common type of AI product built by 80% of AI-native companies, while model accuracy and the increasing importance of cost are top considerations for foundational models.
  • Okta - AI at Work (2025) - Focuses on the perspectives of C-suite executives regarding the transformative impact of artificial intelligence (AI) on security, innovation, and efficiency within organizations. Key findings reveal executive sentiment, concerns, and priorities regarding AI implementation, highlighting varying levels of understanding and integration across different organizations.
  • Wiz - AI Security Readiness (2025) - Analyzes the current state of AI security readiness among cloud architects, engineers, and security leaders, highlighting critical gaps. Key findings reveal widespread AI adoption is significantly outpacing the development of in-house security expertise and the implementation of AI-specific posture management tools, leading to substantial visibility challenges like shadow AI.

Resources

Annual reports are the result of a collaborative effort, combining research from both paid and non-profit sources, drawn from within the organization and the broader cybersecurity community. These reports rely on the contributions of various organizations that help shape the field by setting standards, offering certifications, conducting research, and influencing policy.

The categories below highlight the diverse roles these organizations play in building cybersecurity programs and advancing best practices. By exploring these groups, readers can gain insight into the ecosystem that underpins the development of annual reports and drives progress in the industry.

Research Consulting: These are organizations that offer paid research services, market analysis, and consulting in the field of information technology and cybersecurity.

Standards and Certifications: Organizations involved in setting cybersecurity standards, providing certifications, and creating frameworks for best practices.

Threat Intelligence and Incident Response: Organizations focused on sharing threat intelligence, coordinating cyber incident responses, and combating cyber threats.

Policy and Advocacy: Institutions shaping cybersecurity policies, regulations, and public awareness on a national or international scale.

Working Groups: These are collaborative organizations or professional associations that conduct research, share information, and develop best practices in cybersecurity.

Government and Non-profits: This category includes government agencies and non-profit organizations dedicated to cybersecurity research, policy development, and public awareness.

Research Consulting

  • 451 Research - A technology research and advisory firm specializing in emerging technology segments including cybersecurity market analysis and trends.
  • ABI Research - A technology market intelligence company providing strategic guidance on transformative technologies, including cybersecurity and digital security.
  • Forrester Research - An advisory company that offers paid research, consulting, and event services specialized in market research for information technology.
  • Frost & Sullivan - A consulting firm offering market research and analysis in cybersecurity, with particular focus on emerging technologies and market opportunities.
  • Gartner - A technology research and consulting firm which offers private paid consulting as well as executive programs and conferences.
  • GigaOm - A research firm offering practical, hands-on, practitioner-driven research for businesses.
  • International Data Corporation (IDC) - A global provider of market intelligence and advisory services.
  • KuppingerCole - A global analyst company specializing in information security, identity & access management, and risk management.
  • Omdia - A global technology research powerhouse focusing on cybersecurity market analysis and digital transformation.

Standards and Certifications

Threat Intelligence and Incident Response

Policy and Advocacy

Working Groups

Government and Non-profits

Contributing

Please refer to the guidelines at https://github.com/jacobdjwilson/awesome-annual-security-reports/blob/master/CONTRIBUTING.md for details.