Annual Security Reports

Awesome Annual Security Reports

A curated list of annual cyber security reports - Centralized annual cybersecurity analysis and industry surveys

Definition: The cybersecurity landscape is constantly evolving, making it hard for CIOs, CISOs, and security leaders to keep up. They're flooded with annual reports from research consultancies, industry working groups, non-profits, and government agencies, and sifting through marketing material to find actionable insights is a major challenge. This list aims to cut through the noise by providing a vendor-neutral resource for the latest security trends, tools, and partnerships. It curates information from trusted sources, making it easier for security leaders to make informed decisions.

Limitations: This is not a repository for project-specific documents such as white papers, intelligence reports, technical specifications, or standards. While all user-submitted uploads or report requests are welcome, we should draw a box around this awesome list.

Accessibility: When possible, all reports will be sourced from their original authors and uploaded to VirusTotal via a GitHub Action to provide an added level of confidence. The resulting analysis link will be included in the PDF commit notes. Additionally, all PDF reports will be converted to Markdown using AI, based on the AI Prompts defined in this repository.

Acknowledgement: I would like to give recognition to other works that inspired this collection. Richard Stiennon produces an annual comprehensive cybersecurity industry analysis at IT Harvest that deserves the attention of those in the industry. Additionally, Rick Howard's Cyber Canon list of must-read books is a timeless resource of curated wisdom, catering to both leadership and practitioner levels within the field.

Overview

Reports are organized into two main categories based on their data sources:

Analysis: Generated through quantification and qualification of data from sensor networks or cybersecurity services.

Survey: Derived from surveys, interviews, or consulting engagements that capture industry sentiment and practices.

The most recent versions of reports are listed below. Older editions are preserved in their corresponding yearly directories. Reports from sources that have not been updated in the last three years will no longer appear in this README.md but will remain accessible in the respective year's directory.

Reports are organized by their primary focus. Although many reports span multiple topics, this classification provides a clearer structure. Within each topic, reports are listed alphabetically.

How to Contribute

The easiest way to contribute is to suggest a report. If you've found a valuable annual security report that isn't on our list, please let us know!

Suggest a New Report

Analysis Reports

Global Threat Intelligence

  • Arctic Wolf Labs - Cybersecurity Predictions (2025) - Analyzes evolving threat landscapes and predicts key cybersecurity challenges for 2025. The report highlights the increasing sophistication of social engineering attacks, emphasizing the critical need for robust multi-factor authentication implementations and vigilance against evolving tactics, techniques, and procedures.
  • Axur - Threat Landscape (2025) - Analyzes the 2025 cybersecurity threat landscape, focusing on evolving attack vectors and their impact on organizations. Key insights reveal a significant increase in supply chain attacks, a shift in social engineering tactics targeting IT professionals, and the growing sophistication of ransomware through triple extortion methods.
  • Biocatch - Digital Banking Fraud Trends In The United States (2025) - Analyzes digital banking fraud trends in the U.S., highlighting the evolving threat landscape and emerging methods employed by fraudsters. The report reveals a surge in money mule activity (a 168% increase) and the increasing use of stablecoins like Tether for laundering illicit proceeds, while also noting a reduction in fraud during account onboarding.
  • Bridewell - Cyber Threat Intelligence Report (2025) - Analyzes the cyber threat landscape of 2025, focusing on malicious infrastructure tracking and emerging threats. The report highlights a decrease in Cobalt Strike usage alongside a rise in Sliver and Brute Ratel, with Lumma Stealer, Redline Stealer, and StealC dominating the information stealer landscape, particularly impacting the UK.
  • Cato Networks - Threat Report (2025) - Analyzes the Cato SASE Cloud Platform's capabilities in network and security transformation. Key insights highlight the platform's role in enabling threat prevention, data protection, and incident response through a unified, cloud-native architecture, with advancements in AI/ML-driven anomaly detection and XOps.
  • Chainalysis - Crypto Crime Report (2025) - Analyzes the evolving landscape of cryptocurrency crime and its increasing professionalization across various illicit activities. Key insights reveal a significant shift towards stablecoins in illicit transactions, a notable decrease in ransomware payments due to law enforcement actions, and the growing use of AI in scams and fraud.
  • CheckPoint - Cybersecurity Report (2025) - Analyzes global cybersecurity events and trends in 2024, offering predictions and recommendations for CISOs in 2025. Key findings highlight the impact of AI and cloud advancements on cybercrime, emphasizing the need for proactive security measures and adaptive strategies.
  • Cisco - Cyber Threats Trends Report (2025) - Analyzes current cyber threat trends, focusing on information stealers, Trojans, ransomware, RATs, and APTs. Key findings reveal a significant increase in the sophistication and volume of attacks, particularly concerning the use of information stealers and the continued evolution of ransomware techniques.
  • Coalition - Cyber Claims Report (2025) - Analyzes cyber insurance claims data from Coalition policyholders in 2024 across the US, Canada, the UK, and Australia. The report reveals a 7% decrease in overall claims frequency, though email-based attacks like BEC and FTF accounted for 60% of all claims, and industries with less security awareness were more susceptible to attacks.
  • CrowdStrike - Global Threat Report (2025) - Analyzes global threat trends and key adversary tactics for 2025. Significant findings include the increasing use of generative AI by adversaries, the persistent threat of social engineering, and the growing sophistication of cloud-based attacks targeting SaaS platforms.
  • CrowdStrike - Threat Hunting Report (2025) - Examines the evolving landscape of interactive cyber intrusions and the proactive threat hunting strategies required to counter advanced adversaries. Key findings reveal a 136% surge in cloud intrusions, the increasing use of generative AI by threat actors, and a dramatic rise in vishing attacks.
  • Cyberproof - Mid Year Cyber Threat Landscape (2025) - Analyzes the H1 2025 cyber threat landscape, focusing on the surge of AI-powered ransomware operations, intensified targeting of the manufacturing sector, and strategic shifts in supply chain infiltration. Key insights include a 60% increase in ransomware attacks, the emergence of GenAI-leveraging groups like FunkSec, and high-impact infrastructure compromises by China-aligned APTs such as Salt Typhoon.
  • Cyble - Global Threat Landscape (2025) - Analyzes the global threat landscape of H1 2025, highlighting a significant 54% increase in ransomware attacks compared to the previous year. The report identifies CL0P, Akira, and Qilin as the top ransomware operators, with North America being the most targeted region and zero-day exploits in Microsoft and Apple products posing significant risks.
  • Deep Instinct - Threat Landscape Report (2025) - Analyzes global malware trends and ransomware attacks in 2024, offering predictions for 2025. Key findings highlight a continued rise in ransomware attacks targeting specific sectors, coupled with the evolving tactics of ransomware groups and the impact of sanctions and disclosures on their operations.
  • Deloitte - Global Cyber Threat Intelligence Report (2025) - Analyzes global cyber threat trends throughout 2024, focusing on the evolution of ransomware, nation-state espionage, and shifting initial access techniques. Key findings include the continued dominance of ransomware driven by the emergence of new RaaS groups like RansomHub, and a marked shift toward AI-enhanced social engineering as threat actors adapt to bypass increasingly effective technical controls.
  • Department of Homeland Security - Threat Assessment (2025) - Analyzes homeland security threats in 2025, focusing on terrorism, transnational crime, and threats to critical infrastructure. Key concerns include the evolving tactics of nation-state actors, the persistent threat of cyberattacks targeting critical infrastructure, and the increasing challenges posed by transnational criminal organizations.
  • DNSFilter - Annual Security Report (2025) - Analyzes 2024 cybersecurity trends, focusing on data breaches and their impact across various regions. Key findings reveal a significant increase in threats related to natural disasters and election-related attacks, coupled with an uneven adoption of security measures among Managed Service Providers.
  • Eset - Threat Report (2025) - Focuses on the disruption of two prominent infostealers, Lumma Stealer and Danabot, through coordinated efforts. ESET's telemetry data reveals a 21% increase in Lumma Stealer detections in H1 2025, with a significant spike following a spam email campaign targeting Mexico, highlighting the malware's prolific nature and the importance of the disruption.
  • Europol - Internet Organized Crime Threat Assessment (2025) - Focuses on how cybercriminals acquire, trade, and exploit data, highlighting the ecosystem surrounding these activities. The report finds that data theft is a significant threat, with Initial Access Brokers increasingly selling access to compromised systems and accounts on specialized criminal platforms, and that social engineering techniques are becoming more effective with the adoption of AI.
  • Expel - Annual Threat Report (2025) - Analyzes cybersecurity trends from 2024, focusing on cloud security, phishing, and other threats. Key findings reveal diverse threat actor tactics across various industries, highlighting the need for proactive detection and preventative measures.
  • F5 - Advanced Persistent Bots Report (2025) - Examines the behavior of advanced persistent bots across 200 billion transactions, assessing the impact of mitigation on web and mobile API platforms. Analysis reveals that while overall automated attacks declined in most sectors, the Hospitality industry faced a significant increase, with nearly 45% of all web traffic originating from unauthorized scraping bots.
  • Flashpoint - Global Threat Intelligence Report (2025) - Analyzes the 2025 global cyber threat landscape, focusing on data breaches and information-stealing malware. Key findings reveal significant trends in unauthorized access methods and the evolving tactics used by threat actors, impacting various sectors and requiring updated security strategies.
  • Forescout - Threat Review (2025) - Analyzes the threat landscape of the first half of 2025, emphasizing the persistence of known vulnerabilities and the blurring distinction between hacktivist and state-sponsored actors. Key insights highlight that 47% of newly exploited vulnerabilities were pre-existing, while adversaries increasingly utilized unexpected assets like IP cameras and BSD systems to evade detection and facilitate lateral movement.
  • Fortinet - Global Threat Report (2025) - Analyzes the evolving global threat landscape and attacker tactics. Key findings reveal a surge in cyber reconnaissance activity driven by automated scanning and a significant shift in attacker focus towards cloud environments and post-exploitation techniques.
  • GenDigital - Threat Report (2025) - Highlights the rise of PharmaFraud, AI-built ransomware, and tech support scams targeting Facebook users. The report reveals a surge in financial scams (+340%) and malicious push notifications (+317%), alongside the discovery of a cryptographic flaw in the FunkSec ransomware, leading to a free decryptor.
  • Guardz - SMB Threat Report (2025) - Analyzes the SMB threat landscape, highlighting the rise of phishing, cloud-based attacks, and identity-based breaches. The report reveals a shift towards AI-enhanced social engineering, stolen credentials as a primary attack vector, and the increasing exploitation of cloud assets and Microsoft 365 applications.
  • Honeywell - Cyber Threat Report (2025) - Focuses on cybersecurity incidents impacting operational technology environments and the increasing cybersecurity and non-compliance risks faced by companies. Key findings include a 46% increase in ransomware extortion incidents, the emergence of the CL0P ransomware group as a dominant actor, and an increase in attacks targeting agriculture and food production.
  • Huntress - Threat Report (2025) - Analyzes the 2024 cyber threat landscape, focusing on ransomware attacks and their impact across various sectors. Key findings reveal a concerning increase in ransomware attacks targeting healthcare and technology sectors, with a notable rise in the use of Remote Monitoring and Management tools for lateral movement.
  • IBM - X Force Threat Intelligence Index (2025) - Analyzes emerging cybersecurity threats and trends for 2025. Key findings highlight the increasing use of AI in attacks, the persistence of info-stealers, and the significant role of phishing and cloud-based infrastructure in successful compromises.
  • Infoblox - DNS Threat Landscape Report (2025) - Analyzes the DNS threat landscape, highlighting the increasing sophistication and speed of DNS-sourced cyberattacks. The report reveals that threat actors are rapidly deploying weaponized domains, leveraging traffic distribution systems, and exploiting vulnerabilities in WordPress and cloud resources to evade detection and target victims with scams, malware, and phishing attacks.
  • K7 Security - Cyber Threat Monitor Report (2025) - Analyzes the global cyber threat landscape and its impact on various industries, highlighting evolving attack vectors and prevalent malware. Key findings indicate a significant rise in human-centric phishing attacks and the persistent exploitation of unpatched Windows vulnerabilities, particularly MS17-010.
  • Kroll - Threat Landscape Report (2025) - Analyzes the evolving threat landscape in the cryptocurrency era, detailing emerging cybercrime tactics and regulatory responses. Key findings reveal a significant surge in crypto-related theft, reaching $1.93 billion in the first half of 2025, and a 40% increase in phishing attacks targeting crypto users.
  • Mandiant - M Trends (2025) - Analyzes global cybersecurity threats and trends in 2025. Key findings include insights into ransomware attacks, cloud compromises, and the evolving tactics of various nation-state actors.
  • Microsoft - Digital Defense Report (2025) - Focuses on the evolving cybersecurity threat landscape, highlighting the increasing role of AI in both attacks and defenses. Key findings reveal adversaries are leveraging AI for social engineering and vulnerability discovery, while defenders are using it to synthesize data and detect novel threats.
  • Mimecast - Global Threat Intelligence Report (2025) - Analyzes the global threat landscape, focusing on risks posed by business communications, collaboration environments, and human workers. Key findings reveal a surge in ClickFix attacks, the weaponization of legitimate services, and the increasing use of multi-channel attack strategies, highlighting the need for enhanced security hygiene and user awareness.
  • NCTech - State Of Cybersecurity (2025) - Analyzes the evolving landscape of cybersecurity threats and challenges for 2025, detailing emerging attack vectors and defense strategies. Key insights reveal a significant increase in AI-driven attacks, the growing sophistication of ransomware-as-a-service models, and the persistent cyber skills gap as major concerns.
  • Orange Cyber Defense - Security Navigator (2025) - Analyzes the evolving cybersecurity threat landscape and proactive mitigation strategies. Key findings reveal a rise in cyber extortion, AI-driven attacks, and threats to operational and mobile networks, necessitating innovative defensive adaptations.
  • Palo Alto - Global Incident Response Report (2025) - Analyzes five major trends reshaping the threat landscape, highlighting a shift toward intentional business disruption and the increasing sophistication of supply chain and cloud attacks. Key findings reveal that 86% of incidents resulted in operational disruption, data exfiltration occurred within the first hour in nearly 20% of cases, and insider threat cases linked to North Korea tripled in 2024.
  • Picus - Red Report (2025) - Analyzes the ten most prevalent MITRE ATT&CK techniques used by threat actors. Key findings reveal a high prevalence of techniques related to process injection, command execution, and credential harvesting, highlighting the persistent reliance on established attack vectors.
  • Rapid7 - Initial Access Brokers Report (2025) - Focuses on the Initial Access Broker landscape by analyzing activity on Exploit, XSS, and BreachForums. The analysis reveals that most access broker sales include a level of privilege, with VPN and Domain User access being the most popular vectors, and the average base price for access ranging from $500 to $1,000.
  • RedCanary - Threat Detection Report (2025) - Analyzes emerging threat detection trends in 2025, focusing on ransomware, initial access vectors, and identity-based attacks. Key findings reveal a significant increase in API abuse within cloud environments and the growing sophistication of AI-powered adversary emulation techniques.
  • ReliaQuest - Annual Threat Report (2025) - Analyzes 2024 cyber-threat trends, focusing on initial access tactics and their effectiveness. Key findings reveal inadequate logging as the root cause of most breaches, with session hijacking bypassing multi-factor authentication in all successful business email compromise incidents.
  • Resilience - Cyber Risk Report (2025) - Analyzes cyber risk trends based on claims experience and threat intelligence, highlighting the evolution of third-party risk and the impact of vendor-related incidents. Key findings include a surge in social engineering effectiveness due to AI, an increase in the severity of ransomware attacks, and the compounding effects of ecosystem risks.
  • Shieldworkz - Global OT And IoT Threat Landscape Report (2025) - Analyzes the global OT and IoT threat landscape, highlighting the increasing sophistication and strategic intent of cyberattacks targeting critical infrastructure.
  • SilentPush - Threat Actor Study (2025) - Analyzes global threat actor activity and infrastructure trends from 2024, focusing on AI-powered scaling, infrastructure laundering, and Access-as-a-Service models. Key findings highlight persistent state-sponsored APTs, the evolution of FIN7, Scattered Spider, and CryptoChameleon, and the rise of large-scale investment scams, phishing networks, and underground markets.
  • SonicWall - Cyber Threat Report (2025) - Analyzes the evolving landscape of cyber threats in 2024, focusing on the rise of ransomware, BEC attacks, and the impact of AI-powered tools. Key findings highlight a significant increase in ransomware and BEC attacks, coupled with the concerning ease with which threat actors can leverage AI and readily available tools to launch sophisticated campaigns.
  • Sophos - Threat Report (2025) - Analyzes the 2025 cyber threat landscape facing small and midsized businesses, identifying ransomware and compromised network devices as the most critical operational risks. Key findings reveal that ransomware accounts for over 90% of incident response cases for mid-sized organizations, while compromised edge devices facilitate a quarter of all initial network breaches.
  • TrendMicro - Annual Cybersecurity Threat Report (2025) - Analyzes enterprise cyber risk exposure across sectors and regions using telemetry from Trend Vision One's Cyber Risk Index framework. Key findings show the education sector maintained the highest risk throughout 2024, while larger organizations exhibited greater exposure due to complex infrastructures and expanded attack surfaces.
  • Truesec - Threat Intelligence Report (2025) - Analyzes the evolving cyber threat landscape, focusing on key developments and emerging trends. Key insights reveal that while Nordic enterprises are showing positive effects from cybersecurity investments, cybercriminals are increasingly targeting smaller businesses and leveraging AI for social engineering.
  • WatchGuard - Threat Report (2025) - Analyzes network and endpoint threat activity observed across WatchGuard security appliances in Q1 2025. Notable findings include a 171% spike in network-detected malware per device and a 712% increase in new, unique endpoint malware samples, signaling a surge in evasive and novel threats.
  • Withsecure - Supply Chain Threat Report (2025) - Analyzes the increasing threat of supply chain attacks, highlighting their impact and the factors contributing to their rise. The report details notable incidents like the 3CX compromise and the MOVEit Transfer vulnerability, emphasizing the potential for widespread damage through trusted software and service providers, as well as the theft of source code from major tech companies.

Regional Assessments

  • Australian Signals Directorate - Cyber Threat Report (2025) - Analyzes the Australian cyber threat landscape for 2023-2024, focusing on state actors, critical infrastructure attacks, cybercrime, hacktivism, and national resilience efforts. Key findings highlight a significant increase in ransomware attacks targeting critical infrastructure and a concerning rise in hacktivism motivated by geopolitical events.
  • Canada - National Cyber Threat Assessment (2025) - Analyzes the cyber threats facing Canada from state adversaries and cybercrime, forecasting trends up to 2026. The report highlights the increasing aggressiveness of state adversaries in cyberspace, the resilience of cybercrime due to the Cybercrime-as-a-Service model, and the persistent threat of ransomware to critical infrastructure.
  • Ensign - Cyber Threat Landscape Report (2025) - Analyzes the cyber threat landscape in the Asia-Pacific region, highlighting trends and developments observed in 2025. Key findings include increased activity from state-sponsored groups, the persistence of ransomware, and attacks targeting business and professional services firms.
  • Intel471 - UK Threat Landscape Report (2025) - Analyzes the escalating cyber threat landscape in the United Kingdom and outlines strategic preparations for the upcoming Cyber Security and Resilience Bill. Key findings reveal that the UK ranked as the second most impacted nation for initial access broker activity with 254 victims, underscoring the critical need for enhanced supply chain monitoring and executive accountability.
  • Interpol - Africa Cyber Threat Assessment Report (2025) - Reveals a steep rise in cyber-related crime across the continent, with online scams, ransomware, business email compromise, and digital sextortion identified as the most prevalent threats. According to INTERPOL, cybercrime now accounts for more than 30 per cent of all reported crime in parts of Western and Eastern Africa.
  • National Cyber Security Centre - Cyber Threat Report (2025) - Analyzes the 2025 cyber threat landscape for New Zealand organizations, detailing five key judgments regarding prevalent threats. Key findings indicate a rise in state-sponsored actors, commercialized cybercrime tools, hacktivist activity driven by global conflicts, supply chain exploitation, and the continued vulnerability to unpatched weaknesses.
  • Office of the Director of National Intelligence - Annual Threat Assessment (2025) - This assessment analyzes the evolving threat landscape to U.S. national security posed by state and non-state actors. Key concerns include the increasing cooperation between adversarial states and the persistent threat from transnational criminal organizations, particularly in the illicit drug trade and extremist activities.
  • United States Department of Defense - State of DevSecOps (2025) - Focuses on the adoption of DevSecOps practices within the United States Department of Defense. A key finding is the Air Force's launch of a new software directorate, highlighting a move towards integrating security earlier in the software development lifecycle.

Sector Specific Intelligence

  • Biocatch - Global Scams Report (2025) - Analyzes global scam trends, highlighting the increasing sophistication and prevalence of social engineering tactics. Key findings reveal a 65% increase in reported scams, with significant regional variations and the emergence of industrialized fraud operations exploiting human trafficking.
  • Cyberint - Travel Threat Landscape Report (2025) - Analyzes the cyber threat landscape targeting the travel and tour operations industry, highlighting recent cyber events and future predictions.
  • Gatepoint Research - The State Of Network Security In Transportation And Logistics (2025) - Analyzes the network security landscape in the transportation and logistics sector, highlighting priorities, challenges, and technology adoption. The report reveals that staying ahead of cybersecurity threats is a top concern (81%), while GenAI readiness remains low, with only 28% having implemented related solutions.
  • Health ISAC - Annual Threat Report (2025) - Analyzes the 2025 Health Sector Cyber Threat Landscape, detailing recent attacks and emerging trends. Key insights reveal a persistent threat of ransomware, the growing impact of supply chain attacks, and the increasing sophistication of nation-state actors targeting healthcare organizations.
  • Nokia - Threat Intelligence Report (2025) - Analyzes the 2025 threat landscape for the telecommunications sector, identifying a strategic shift from opportunistic attacks to coordinated, infrastructure-level campaigns targeting core networks and lawful interception systems. Key insights include the finding that 63% of operators faced living off the land techniques, while high-impact incidents like the Salt Typhoon campaign underscore the growing persistence of state-sponsored actors.
  • Sixmap - Research Energy Sector Exposure Assessment (2025) - Analyzes the external exposures of 21 leading U.S. energy providers to assess their security posture and identify systemic risks. The study found nearly 40,000 hosts with over 58,000 exposed services, including a significant number running on non-standard ports, and identified 43 CVEs common to at least 45% of the organizations, indicating potential systemic vulnerabilities.
  • TRM Labs - Crypto Crime Report (2026) - Analyzes the illicit cryptocurrency market in 2025, highlighting key trends and activities. The report finds that while overall illicit crypto volume decreased, ransomware demands reached an all-time high and terrorist financing via cryptocurrency expanded, with stablecoins remaining the preferred choice for illicit actors.
  • TRM Labs - Global Crypto Policy Review Outlook (2025) - Analyzes global cryptocurrency policy developments and their impact on institutional adoption. Key findings indicate that over 70% of reviewed jurisdictions advanced stablecoin regulation, while approximately 80% saw financial institutions announce new digital asset initiatives, driven by increasing regulatory clarity.
  • Trustwave - Energy Utilities Risk Radar (2025) - Analyzes the unique cybersecurity challenges and evolving threat landscape facing the critical energy and utilities sector. Key findings highlight an 80% year-over-year increase in ransomware attacks, predominantly initiated by phishing (84%) and leveraging remote services for lateral movement (96%).
  • Trustwave - Healthcare Risk Radar (2025) - Analyzes the evolving cybersecurity risk profile of the healthcare sector, detailing emergent threats and vulnerabilities. Key findings reveal that 45% of attacks originated from exploiting public-facing applications, with ransomware groups like Ransomhub and LockBit 3.0 predominantly targeting US-based healthcare organizations.
  • Trustwave - Hospitality Risk Radar (2025) - Examines the persistent threat landscape and unique cybersecurity challenges facing the hospitality sector. Key findings highlight a massive attack surface from publicly exposed services, which account for 61.5% of initial access attempts, and a significant volume of critical vulnerabilities.
  • Trustwave - Manufacturing Risk Radar Report (2025) - Analyzes the evolving threat landscape for the manufacturing sector in 2025. Key findings highlight the increasing convergence of IT and OT systems, a persistent rise in ransomware attacks, and the need for enhanced security measures across all attack stages.
  • Upstream - Global Automotive Cybersecurity Report (2025) - Analyzes the expanding cybersecurity gap in the automotive and smart mobility sectors. Key findings reveal a surge in ransomware attacks in 2024 and the increasing vulnerability of critical infrastructure due to the proliferation of smart mobility devices.
  • Visa - Biannual Threats Report (2025) - Analyzes the payments ecosystem's threat landscape, focusing on evolving fraud tactics and scams. Key insights reveal a significant increase in ransomware and data breach incidents, alongside sophisticated fraud schemes leveraging malicious mobile applications and NFC technology.

Application Security

  • Armis - Most Dangerous Supply Chain Threats (2025) - Outlines the evolving landscape of software supply chain attacks, with a particular focus on new threats emerging from open-source dependencies and AI-driven development. Key findings highlight the critical risk of AI-induced slopsquatting through hallucinated package names, and reveal that vibe coding with large language models frequently introduces exploitable vulnerabilities.
  • BlackDuck - Open Source Risk Analysis Report (2025) - Analyzes open source software risk, detailing findings related to security vulnerabilities, licensing issues, and component maintenance based on audit data. Significant findings reveal open source in nearly all codebases (97%), with a striking 90% containing components over four years out-of-date and 64% being untrackable transitive dependencies.
  • Contrastsecurity - Software Under Siege (2025) - Highlights the increasing prevalence and impact of application-layer attacks targeting custom code, APIs, and application logic. The report reveals that applications face an average of 81 confirmed attacks per month, coupled with nearly 30 serious vulnerabilities, while the rapid adoption of AI and LLMs has led to massive increases in AI-related APIs and CVEs.
  • Datadog - State Of DevSecOps (2025) - Focuses on how teams can shrink their attack surface across the SDLC by examining exploitability, supply chain exposure, identity risks in CI/CD, and the operational habits that shape real-world outcomes. Findings point to a steady pattern where Java-heavy apps carry more exploitable flaws, long-lived credentials linger in pipelines, and smaller images, IaC adoption, and frequent deployments consistently cut down risk.
  • DigitalAI - Application Security Threat Report (2025) - Quantifies evolving risks in modern application security. Key findings highlight industry trends, attack data categorized by industry and OS, and regional variations in attack rates.
  • Fluid Attacks - State Of Attacks (2025) - Analyzes the security vulnerabilities identified through Continuous Hacking in 2024, comparing the findings to the previous year. Key insights include a 3.8% decrease in total risk exposure despite a 59.3% increase in reported vulnerabilities, and a significant 65% reduction in the mean time to remediate critical-severity issues.
  • GitGuardian - State of Secrets Sprawl (2025) - Analyzes the prevalence of secrets sprawl in 2024, focusing on the types of secrets exposed and their locations within software development lifecycles. Key findings reveal that generic secrets comprise 58% of all detected leaks, private repositories are eight times more likely to contain secrets than public ones, and collaboration tools represent a significantly overlooked source of exposure.
  • Grip - SaaS Security Risks Report (2025) - Outlines key security risks associated with the growing adoption of SaaS applications, including trends in usage across industries and specific SaaS app statistics. Key findings reveal a significant increase in shadow SaaS deployments and the rapid growth of AI-powered tools, posing substantial and largely unmanaged security risks.
  • Kodem - State of AppSec Workflow (2025) - Analyzes application security workflows, identifying key bottlenecks and pain points in current practices. The primary bottleneck is remediation, exacerbated by alert fatigue and inefficient vulnerability triage, highlighting the need for increased automation and adaptation to modern development environments.
  • LegitSecurity - State of Application Risk Report (2025) - Examines the current state of application risk in 2025, focusing on common vulnerabilities and security testing inefficiencies. Key findings reveal significant issues with secrets exposure, AI-related risks, and software supply chain vulnerabilities, highlighting a need for improved security practices across the software development lifecycle.
  • Reversinglabs - Software Supply Chain Security Report (2025) - Focuses on the escalating software supply chain risks impacting both software publishers and end-user organizations. Key findings reveal sophisticated attacks targeting AI, cryptocurrency infrastructure, and the exploitation of vulnerabilities in open-source and commercial software, compounded by a decline in vulnerability management effectiveness.
  • Salt - State Of API Security (2025) - Highlights the persistent challenges and evolving landscape of API security, driven by rapid digital transformation and cloud migration. Despite widespread API adoption and a nearly universal encounter with security issues, many organizations struggle with accurate inventory, real-time monitoring, and robust posture governance, alongside emerging GenAI-driven risks.
  • Veracode - State Of Software Security Report (2025) - Analyzes the evolving state of software security, examining key metrics for maturity and risk management, particularly in the AI era. Key findings indicate a significant increase in high-severity flaws and average fix times despite improved OWASP Top 10 pass rates, with 70% of critical security debt originating from third-party code.
  • Wallarm - API Threat Stats Report (2025) - Examines API security threats in Q1 2025, focusing on the impact of agentic AI systems and evolving cloud-native infrastructure. Key findings highlight a rapid increase in API breaches driven by increasingly sophisticated attack vectors and a surge in software supply chain vulnerabilities.
  • Wiz - State of Code Security (2025) - Examines the security posture of code repositories and CI/CD pipelines, highlighting the deep connection between code and cloud environments. It reveals that 61% of organizations have secrets exposed in public repositories, with GitHub dominating the VCS landscape but also exhibiting a significantly higher ratio of public repositories with insecure workflow permissions and weak branch protection.

Cloud Security

  • Censys - State Of The Internet (2025) - Analyzes adversary infrastructure, focusing on command-and-control servers and surrounding tools used by threat actors. The report reveals trends in malware detection, C2 server time-to-live, open directory lifespans, and the use of residential proxy infrastructure, highlighting the importance of historical internet data for tracking malicious activities.
  • Datadog - State Of Cloud Security (2025) - Analyzes cloud security posture across AWS, Azure, and Google Cloud with a focus on identity risks, default security gaps, and the uneven adoption of guardrails like IMDSv2, data perimeters, and public access blocks. The study highlights persistent trouble spots such as long-lived credentials, overprivileged third-party roles, and aging workloads that miss secure defaults, even as multi-account governance and modern identity patterns gain traction.
  • Google - Threat Horizons Report (2025) - Analyzes evolving cloud security threats, focusing on advanced actor tactics for evasion, persistence, and supply chain compromise across cloud environments.
  • Hornet - Cybersecurity Report (2025) - Analyzes the current Microsoft 365 threat landscape, focusing on email security trends and attack techniques. Key findings reveal a significant increase in sophisticated attacks utilizing brand impersonation and malicious attachments, with notable variations in threat levels across different business sectors.
  • Recorded Future - Cloud Threat Hunting And Defense Landscape (2025) - Analyzes the evolving cloud threat landscape by identifying five primary attack vectors posing significant risk to cloud environments. Key insights reveal that initial compromises often stem from misconfigured cloud endpoints or stolen credentials, while threat actors increasingly leverage cloud-native ransomware tactics and abuse legitimate SaaS/IaaS resources to complicate detection.
  • Orca - State of Cloud Security Report (2025) - Analyzes security challenges in multi-cloud environments, with a focus on AI risk, data exposure, and neglected assets. Key findings reveal that 62% of organizations have at least one vulnerable AI package, 38% expose sensitive databases to the public, and 13% possess a single asset with over 1,000 potential attack paths.
  • Sysdig - Cloud Native Security and Usage Report (2025) - Analyzes cloud-native security trends and usage patterns in 2025. Key findings reveal a significant increase in the adoption of runtime security tools and a growing focus on securing AI/ML workloads, alongside persistent challenges in managing identities across human and machine interactions.
  • Unosecure - Cloud Compliance Pulse (2025) - Provides a half-yearly benchmark of cloud compliance and identity security posture across 50 organizations, utilizing automated control scans for a data-driven assessment. It reveals that 98% of firms exhibit at least one high-severity gap, with 70% of critical findings stemming from common issues like missing MFA on privileged accounts and excessive role privileges.
  • Varonis - State Of Data Security Report (2025) - Analyzes the state of data security in 2025, focusing on the impact of AI adoption on data risk across 1,000 organizations. The report reveals that 90% of organizations have exposed sensitive cloud data, 88% have stale ghost users, and 99% have sensitive data dangerously exposed to AI tools, highlighting the urgent need for proactive AI security measures.
  • Wiz - Cloud Data Security Snapshot (2025) - Analyzes current cloud data security exposure trends. A significant finding reveals that 54% of cloud environments have exposed assets containing sensitive data, highlighting the critical need for improved access controls and vulnerability management.
  • Wiz - State of AI in the Cloud (2025) - Analyzes the current state of AI in cloud environments, focusing on adoption rates, security challenges, and governance issues. Key findings reveal DeepSeek's rapid growth and the continued dominance of OpenAI, alongside a rising trend of self-hosted AI deployments and stabilized adoption of AI managed services.

Vulnerabilities

  • BeyondTrust - Microsoft Vulnerability Report (2025) - Analyzes the 2024 landscape of Microsoft vulnerabilities and their long-term trends. Key findings indicate a record high of 1,360 total vulnerabilities, alongside an all-time low of 78 critical vulnerabilities, though Microsoft Edge saw an unexpected rise in critical issues.
  • Chainguard - The Cost of CVEs (2025) - Analyzes the financial impact of CVE management on organizations using containerized environments. Key findings indicate that mid-market organizations can unlock significant value through decreased risk ($2.8M), increased revenue ($2.2M), and faster innovation ($3.3M) by improving their CVE management practices and compliance.
  • Edgescan - Midyear Vulnerability Statistics Report (2025) - Provides mid-year vulnerability statistics and insights drawn from extensive full-stack security assessments and penetration tests. Key findings indicate vulnerabilities are nearly equally dispersed across network/cloud and web application layers, though network/cloud exhibits a higher proportion of critical findings while web applications show greater vulnerability density per asset.
  • Imperva - Bad Bot Report (2025) - Analyzes the evolving landscape of automated internet traffic and its impact on businesses. Key findings reveal that automated traffic now surpasses human activity at 51%, with malicious bots comprising 37% of all internet traffic, driven significantly by the increasing accessibility and sophistication of AI-powered attack tools.
  • Flexera - Annual Vulnerability Review (2025) - Analyzes the monthly vulnerability landscape based on Secunia Research data, providing insights into emerging threats and trends. Key findings include a significant year-to-date increase in advisories and the identification of actively exploited zero-day vulnerabilities in critical software like Microsoft Windows and Google Chrome.
  • Greynoise - Early Warning Signals Attacker Behavior Precedes New Vulnerabilities Report (2025) - Analyzes the correlation between spikes in attacker activity and subsequent CVE disclosures, particularly in edge technologies. The report reveals that in 80% of analyzed cases, attacker activity spikes preceded new CVE disclosures within six weeks, offering defenders a critical window for proactive security measures.
  • Hornet - Cybersecurity Report (2026) - Examines the 2026 cybersecurity threat landscape based on Hornetsecurity's analysis of over 72 billion emails processed, highlighting evolving attack vectors and defensive strategies. Key findings reveal a 131% surge in malware-laden emails, a 29% increase in ransomware victim organizations, and a growing reliance on AI by threat actors alongside increased investment in AI-powered defenses.
  • Intruder - Exposure Management Index (2025) - Analyzes cybersecurity exposure trends across 3,000 small to midsize organizations, focusing on vulnerability detection and response metrics. Key findings reveal a 19% increase in high-severity issues driven by AI-weaponized legacy CVEs, alongside a significant improvement in critical remediation rates to 89% within 30 days.
  • Recorded Future - Malware And Vulnerability Trends (2025) - Analyzes malware and vulnerability trends observed in the first half of 2024, focusing on exploitation of remote access and security software. Key insights reveal a significant 103% increase in Magecart infections and the continued dominance of infostealer malware, with operators actively refining evasion techniques.
  • Telefonicatech - Security Status Report (2025) - Analyzes the cybersecurity landscape of the first half of 2025, covering mobile security, significant vulnerabilities, and APT operations. Key insights reveal a growing concern over the sustainability of critical infrastructure like CVE, alongside a surge in credential theft and sophisticated malware campaigns targeting both consumers and industrial systems.
  • Vulncheck - State Of Exploitation (2026) - In 2025, VulnCheck identified 884 Known Exploited Vulnerabilities (KEVs) for which evidence of exploitation was observed for the first time. Our analysis shows that 28.96% of KEVs in 2025 were exploited on or before the day their CVE was published, an increase from the 23.6% observed in our 2024 trends in exploitation report.

Ransomware

  • Abnormal - Read Replied Compromised Employee Engagement Trends (2025) - Analyzes employee engagement trends with vendor email compromise attacks, revealing significant behavioral blind spots. The report highlights a 44.2% overall employee engagement rate with VEC messages and a failure to report 98.5% of text-based advanced attacks, underscoring the urgent need to reduce exposure to malicious content.
  • Akamai - Ransomware Report (2025) - Focuses on the evolving ransomware landscape in 2025, highlighting the increasing complexity and volatility of threats. The report reveals the integration of AI and LLMs by ransomware groups, the rise of quadruple extortion tactics, and the weaponization of compliance regulations, alongside regional trends and the blurring lines between cybercrime and hacktivism.
  • Gen - Threat Report (2025) - Examines prevalent cyber threats and their impact on ordinary users during Q2/2025. Notable insights reveal the first instance of AI-powered ransomware, a staggering 340% increase in Facebook-based financial scams, and a 317% rise in malicious push notifications.
  • Guidepoint - GRIT Ransomware Annual Report (2026) - Threat actors continue to evolve in their tactics, techniques, and procedures with AI/LLM enabling more rapid adaptation and continuing to reduce barriers to entry for less-skilled and unskilled actors. Key findings include an in-depth look at the RansomHub threat actor and a spotlight on critical infrastructure vulnerabilities, along with an analysis of post-compromise detection methods.
  • Veeam - Ransomware Trends (2025) - Analyzes the evolving ransomware threat landscape and proactive resilience strategies for 2025. Key findings reveal a slight decrease in overall attack impact, a significant decline in ransom payments, and a rise in data exfiltration attacks as threat actors adapt to increased law enforcement pressure.
  • Vipre - Email Threat Report (2025) - Examines email-based threat trends and evolving social engineering tactics observed in Q2 2025, emphasizing human-centered attacks. Key findings highlight the sustained targeting of manufacturing and retail, a significant shift towards customized phishing deployments, and BEC scams increasingly localized to Scandinavian languages.
  • Zscaler - Threatlabz Ransomware Report (2025) - Examines the current ransomware landscape, detailing top trends, targets, and evolving attack methodologies. Key findings reveal a 145.9% surge in blocked ransomware attempts and a 92.7% increase in data exfiltration, signaling a broader shift towards data-only extortion, with generative AI further enhancing attack sophistication.
  • Withsecure - Ransomware Threat Report (2025) - Analyzes the evolving ransomware threat landscape, highlighting trends and developments from 2021. The report indicates a decrease in new ransomware families but emphasizes ransomware's continued prevalence, accounting for nearly one-fifth of identified threats, with WannaCry remaining the most dominant family due to its automated spread.

Data Breaches

  • Cyentia - Information Risk Insights Study (2025) - Analyzes incident probability and the increasing risks associated with third-party relationships. A key finding is that incident probability has almost quadrupled in the last 15 years, driven in part by threat actors exploiting trusted relationships with external service providers to compromise target organizations.
  • IBM - Cost Of A Data Breach Report (2025) - Analyzes the financial impact of data breaches, with a significant focus on the emerging risks and benefits associated with artificial intelligence adoption. While global average breach costs declined to USD 4.44 million due to AI-powered defenses, findings reveal that 97% of AI-related breaches lacked proper access controls, and 16% involved AI-driven attacks.
  • Identity Theft Resource Center - Annual Data Breach Report (2025) - Analyzes the U.S. data breach landscape in the first half of 2025, identifying a persistent dominance of cyberattacks and supply chain vulnerabilities. Key findings highlight a sharp decline in victim notices despite steady compromise volumes, alongside a concerning trend where 69% of breach notifications fail to disclose specific attack vectors.
  • Security Score Card - Third Party Breach Report (2025) - Analyzes the landscape of third-party cyber risk and its impact on organizations globally. Key findings indicate a significant increase in third-party breaches, with Retail & Hospitality and Technology sectors experiencing the highest exposure, and file transfer software vulnerabilities emerging as a primary attack vector.
  • Verizon - Data Breach Investigations Report (2025) - Analyzes data breach trends and patterns from 2025. Key findings reveal a significant increase in social engineering attacks and a persistent reliance on easily exploitable web application vulnerabilities, highlighting the need for improved employee security awareness training and robust application security measures.

Physical Security

  • Dragos - OT Cybersecurity Report A Year in Review (2025) - Analyzes the 2025 OT/ICS cybersecurity landscape, focusing on adversary tactics and defender progress. Key findings reveal a rise in OT-centric cyber operations fueled by geopolitical tensions, particularly the Ukraine-Russia conflict, and the increasing activity of threat groups like KAMACITE and ELECTRUM.
  • Security Industry Association - Security Megatrends (2026) - Examines the evolving landscape of security technology and its integration into broader business operations. Key insights reveal a significant shift towards AI-driven software solutions and the reinvention of hardware to provide richer data, while security solutions increasingly lose their traditional boundaries to create unified, intelligent systems.
  • Genetec - State of Physical Security (2026) - Analyzes the current state of physical security, focusing on global trends and challenges in 2026. This report explores how the industry is adapting and how strategic innovation is redefining what’s possible in physical security. Technology must be managed and deployed with intention, not for its own sake.
  • NMFTA - Transportation Industry Cybersecurity Trends Report (2026) - Analyzes the 2026 cybersecurity landscape for the transportation industry, characterizing the convergence of cargo theft and cybercrime as a comprehensive operational resilience challenge. Key findings identify the emergence of specialized cybercriminal alliances and AI-driven threats as primary risks, necessitating a holistic strategy that merges physical security with digital defense mechanisms.
  • Nozomi - Networks OT IoT Security Report (2025) - Analyzes operational technology and internet of things cybersecurity trends in the second half of 2024. Key findings reveal a significant increase in sophisticated attacks targeting industrial control systems, highlighting the growing need for robust security measures in critical infrastructure.
  • Waterfall - OT Cyber Threat Report (2025) - Analyzes the global landscape of Operational Technology cyber threats, focusing specifically on attacks that resulted in confirmed physical consequences. Highlights a 146% increase in sites suffering physical operational impairment and a tripling of nation-state attacks, with the transportation sector emerging as the most impacted industry.

AI and Emerging Technologies

  • Anthropic - Threat Intelligence Report (2025) - Examines how threat actors are leveraging advanced AI models, particularly Claude, to escalate and refine their cyber operations. Key findings demonstrate AI is weaponized as an active agent in sophisticated attacks like vibe hacking for data extortion, and significantly lowers the barrier for developing complex operations such as no-code ransomware.
  • Google - Advances In Threat Actor Usage Of AI Tools (2025) - Focuses on the increasing use of AI tools by threat actors, highlighting a shift towards deploying novel AI-enabled malware in active operations. Key findings include the emergence of malware families using LLMs for dynamic code generation and obfuscation, threat actors employing social engineering to bypass AI safety guardrails, and a maturing cybercrime marketplace for AI tooling.
  • Imperva - API Security Threat Report (2025) - Analyzes the evolving API threat landscape for H1 2025, detailing how attackers weaponize business logic flaws across 4,000 monitored environments to disrupt critical operations. Key findings include a record 40,000+ API incidents, a 40% rise in credential stuffing due to weak MFA, and the fact that while APIs comprise only 14% of the attack surface, they attract 44% of sophisticated bot traffic.
  • Kela - AI Threat Report (2025) - Analyzes the weaponization of AI by cybercriminals, focusing on emerging threats and attack vectors. Key findings reveal a 200% increase in mentions of malicious AI in 2024, highlighting the rapid growth of dark AI tools and their use in automated phishing, vulnerability research, and malware development.
  • Latio - AI Security Report (2025) - Examines the multifaceted AI security landscape, aiming to clarify prevalent confusion around use cases and differentiate between existing and AI-native solutions. The report emphasizes that while many underlying security challenges are familiar, agentic AI architectures significantly elevate runtime risk due to their access to sensitive data and ability to take actions.
  • Opswat - State Of File Security Report (2025) - Examines the current state of file security, detailing prevalent threats, management practices, and the integration of advanced technologies. Key findings reveal that file-based breaches have already cost organizations an average of $2.7M over the past two years.
  • Pindrop - Voice Intelligence And Security Report (2025) - Examines the evolving landscape of voice intelligence and security, focusing on the impact of generative AI on fraud. Key findings reveal a more than 1,300% surge in deepfake attacks and a 26% increase in overall fraud attempts, with deepfake fraud projected to rise by 162% in 2025.
  • Reco - State Of Shadow AI Report (2025) - Examines the pervasive adoption and inherent security risks of unsanctioned AI tools across enterprises. Key findings reveal OpenAI accounts for 53% of all shadow AI usage, while many popular tools lack fundamental security controls and persist unsanctioned for over 400 days on average.
  • ZScaler - AI Security Report (2025) - Examines the multifaceted landscape of artificial intelligence in cybersecurity, covering AI/ML adoption trends, AI-driven threats, and essential security capabilities. Key findings highlight an exponential 36x year-over-year increase in AI/ML tool usage, with enterprises blocking nearly 60% of all AI/ML transactions due to data security concerns.
  • Zimperium - Global Mobile Threat Report (2025) - Analyzes the evolving global mobile threat landscape, detailing prevalent attack vectors targeting enterprise mobile devices and applications. Key findings highlight a surge in mobile phishing, the pervasive risk of unupgradable devices (25.3%), and the growing threat of sideloaded applications present on nearly a quarter of enterprise devices.

Survey Reports

  • Accenture - State of Cybersecurity Resilience (2025) - Analyzes the widening gap between AI adoption and cybersecurity maturity across global enterprises. Key findings reveal only 13% of organizations possess advanced capabilities to defend against AI-driven threats, while just 10% have reached a proactive security posture that significantly reduces attack risk and technical debt.
  • Allianz - Risk Barometer (2025) - Analyzes the top corporate concerns for the year ahead based on insights from over 3,700 risk management experts across more than 100 countries. Highlights that cyber incidents remain the leading global risk by a record margin, while climate change climbs to its highest historical position and new technologies enter the top ten for the first time.
  • Aon - Global Cyber Risk Report (2025) - Analyzes the global cyber risk landscape and the cyber insurance market, providing insights into cyber security controls and event impacts. Key findings reveal a 22% increase in cyber claims frequency despite a 77% decline in average ransomware payouts, with mid-sized organizations filing the majority of claims.
  • Arctic Wolf Labs - The State Of Cybersecurity (2025) - Analyzes the 2025 cybersecurity landscape, highlighting a pivotal shift in executive priorities and incident response preparedness. Key findings reveal that artificial intelligence has displaced ransomware as the top security concern for 29% of respondents, even as 70% of organizations reported experiencing at least one significant cyber attack in the past year.
  • At Bay - Insursec Report (2025) - Analyzes the relationship between technology choices and cyber risk using 2024 claims data, revealing a 16% increase in overall claim frequency driven by ransomware and third-party incidents. Key findings include a 19% resurgence in direct ransomware attacks, 80% of which exploited remote access tools, and a 43% rise in indirect ransomware claims due to supply chain vulnerabilities.
  • ATIS - Enhanced 5G And Zero Trust Cloud (2025) - Analyzes the implementation and operational challenges of applying Zero Trust Architecture to 5G cloud environments, specifically addressing the infrastructure hosting the 5G Core, OSS/BSS, and Open Radio Access Networks. Key findings from the ATIS study identify 12 required central security control groups essential for a resilient 5G ZTA, emphasizing that perimeter-based security is no longer sufficient for virtualized and cloud-native mobile networks.
  • BigID - Data Discovery And Classification Top 5 (2025) - Profiles BigID as a leading vendor in the 2025 data discovery and classification market, utilizing a ten-factor evaluation framework to assess its operational and technical maturity. Analysis highlights the platform's ability to automate sensitive data mapping through AI-driven technologies, achieving a high CVR rating of 8.1 while supporting critical compliance mandates like GDPR and HIPAA.
  • Binalyze - The State Of Cybersecurity Investigations (2025) - Analyzes the state of cybersecurity investigations within US enterprises, revealing significant gaps in crisis management frameworks and response capabilities. Key findings indicate that most organizations fail to learn from cyberattacks, leading to increased financial and reputational damage due to delayed and inconclusive investigations, exacerbated by a critical lack of skilled personnel.
  • Bitsight - Security Digitization And The Global Supply Chain (2025) - This report analyzes the complexity and inherent risks within the modern digital supply chain. By leveraging data from over 500,000 organizations and 61.5 million relationships, Bitsight maps the interconnectedness of the global economy to highlight where critical vulnerabilities lie. The central premise is that while digital collaboration drives efficiency, it creates vast webs of dependency that organizations often cannot fully control or see.
  • BlackDuck - State Of Embedded Software Quality And Safety (2025) - Analyzes the evolving landscape of embedded software, highlighting the impact of AI adoption and software supply chain management. Key findings reveal a significant governance gap in AI implementation, the rise of SBOMs as a commercial imperative, and a disconnect between management and engineering perceptions of release success.
  • BlackDuck - Balancing AI Usage And Risk (2025) - Analyzes the current state of DevSecOps, focusing on the friction between development velocity and security automation. Key findings highlight that while high-velocity pipelines are common, security lags behind, with tool sprawl often overwhelming teams with noisy data and false positives.
  • Chainguard - Engineering Reality Report (2026) - Analyzes the current state of the developer experience, highlighting key challenges and opportunities for improvement. Key findings indicate that 72% of engineers struggle to find time for new feature development due to demands on their time, while AI and automation are significantly improving job satisfaction for those who leverage them.
  • Chainguard - State Of Trusted Open Source (2025) - Analyzes the state of trusted open source software consumption and its associated risks. Key findings reveal that 98% of vulnerabilities occur outside the top 20 most popular projects, highlighting significant security burdens in less visible software components.
  • Comcast - Business Cybersecurity Threat Report (2025) - Analyzes the 2025 cybersecurity threat landscape based on 34.6 billion detected events, highlighting evolving adversary tactics and the need for layered defense. Key findings reveal a significant increase in resource development activities, the prevalence of drive-by compromises as an initial access technique, and the growing sophistication of DDoS attacks.
  • Connectwise - MSP Threat Report (2025) - Analyzes the shifting cybersecurity landscape for Managed Service Providers (MSPs), focusing on the evolution of ransomware tactics, EDR evasion strategies, and critical vulnerabilities like ScreenConnect. Key findings reveal a strategic pivot from traditional encryption to data extortion by groups such as RansomHub, alongside a marked increase in targeted attacks against midsized businesses following the disruption of major cartels like Lockbit.
  • Cyber Edge - Cyberthreat Defense Report (2025) - Analyzes the current state of cybersecurity defenses and the perceptions of IT security professionals. Key insights reveal a plateauing trend in successful cyberattacks, a significant preference for AI in security products, and persistent challenges with the cybersecurity skills shortage.
  • Darktrace - The State Of Cybersecurity In The Finance Sector (2025) - Examines the state of cybersecurity in the finance sector, detailing evolving risks to confidentiality, integrity, and availability. Key findings reveal a significant increase in sophisticated phishing techniques like AiTM and QR code phishing, alongside the growing impact of AI-generated attacks and persistent threats from state-sponsored actors and ransomware groups.
  • Elastic - Global Threat Report (2025) - Analyzes the evolving landscape of cyber threats, highlighting a significant shift towards high-velocity attacks that weaponize trusted enterprise tools. Key insights reveal adversaries are prioritizing immediate execution over stealth, with Windows execution tactics doubling and cloud attacks concentrating on identity-based goals.
  • Elastic - State Of Detection Engineering (2025) - Analyzes the practice of detection engineering within Elastic Security, detailing their approach to rule development and enhancement. Key findings highlight the impact of real-world threat analysis, automated rule validation, and the Detection Engineering Behavioral Maturity Model on improving threat detection capabilities.
  • Elvish - State Of Physical Security (2026) - The report outlines how emerging technologies, shifting operational priorities, and closer coordination between physical security and IT teams are reshaping modern security programs. Key findings highlight stronger adoption of AI analytics and cloud platforms, a growing emphasis on responsible data practices, and a clear push for more integrated, collaborative security operations.
  • ENISA - Threat Landscape Report (2025) - Outlines the organizational scope and collaborative foundation of the 2025 Threat Landscape report, dedicated to enhancing the Union's infrastructure and digital security. Key contributors include EEAS STRATCOM, Europol EC3, and various Information Sharing and Analysis Centers, emphasizing a cross-sector approach to identifying cyber challenges.
  • Fairinstitute - State Of Cyber Risk Management Report (2025) - Focuses on the evolution and current state of cyber risk management programs, based on a survey of 402 cyber risk professionals. The report highlights that mature CRM programs are more proactive, business-aligned, and deliver better outcomes, especially when leveraging FAIR methodology, automation, and AI, although challenges like cultural resistance and governance gaps persist.
  • FERMA - Demystifying Cyber Insurance (2025) - Analyzes the current state of the European cyber insurance market, identifying a transition from extreme volatility to a buyer-friendly environment characterized by softening rates and enhanced organizational resilience. Key findings highlight that while large enterprises have significantly improved their detection and response capabilities, a critical "cyber-resilience gap" persists for small and medium-sized enterprises, which account for 99% of European companies but have an insurance penetration rate of only 15%.
  • Forescout - Riskiest Devices (2025) - Analyzes millions of devices to identify the most vulnerable assets in enterprise networks, revealing that network equipment has overtaken endpoints as the riskiest IT category. Key findings highlight a 15% increase in industry-wide risk, the unprecedented addition of 12 new device types to the high-risk list, and a notable surge in unencrypted Telnet usage across government networks.
  • Forrester - IoT Security Solutions Report (2025) - Evaluates the landscape of IoT security solutions for Q3 2025, categorizing top vendors like Nozomi Networks and Claroty into Leaders, Strong Performers, and Contenders. The report emphasizes that while asset discovery is foundational, effective security requires distinct vulnerability management strategies and rigorous policy testing to avoid disrupting business operations.
  • Fortinet - Threat Predictions (2026) - Analyzes the acceleration of cybercrime and its industrialization, highlighting the increasing speed and scale of attacks. Key insights reveal that AI-driven autonomous agents and the convergence of fraud and cybercrime will drive unprecedented operational throughput for adversaries, necessitating defensive strategies that operate at machine speed.
  • Google - Cloud ROI Of AI (2025) - Focuses on the impact of AI agents on business value, highlighting the shift from predictive to agentic AI. The report finds that 88% of agentic AI early adopters are seeing a positive ROI on gen AI, driven by executive commitment and strategic deployment across various industries and use cases.
  • Google - Cybersecurity Forecast (2026) - Analyzes the evolving cybersecurity landscape for 2026, focusing on the impact of artificial intelligence, persistent cybercrime, and nation-state activities. Key insights reveal adversaries fully embracing AI for sophisticated attacks, a significant rise in ransomware and data theft extortion, and nation-states prioritizing long-term strategic cyber espionage.
  • GSMA - Post Quantum Cryptography For 5G Roaming (2025) - Analyzes the implications of Post Quantum Cryptography for 4G and 5G roaming use cases, addressing threats and mitigation strategies against a Cryptographically Relevant Quantum Computer. The analysis extends to include existing security mechanisms like Direct TLS and PRINS, while also outlining comprehensive migration strategies for Public Key Infrastructure, TLS 1.3, IKEv2/IPSec, and hybrid cryptography across various roaming scenarios.
  • Hiscox - Cyber Readiness Report (2025) - Examines the cybersecurity posture of 5,750 SMEs across multiple countries, focusing on the growing influence of artificial intelligence and the persistence of ransomware threats. Highlights that while 59% of businesses experienced an attack in the last year, a significant 94% are proactively increasing their security investments to bolster resilience against these evolving risks.
  • ISACA - State Of Cybersecurity (2025) - Analyzes the global cybersecurity landscape, focusing on workforce dynamics, diminishing budget optimism, and the expanding integration of artificial intelligence. Key findings reveal that adaptability has surpassed experience as the primary hiring qualification, while a widening soft skills gap of 59% and an aging demographic pose significant succession risks for the industry.
  • Kiteworks - Data Security Compliance Risk Annual Survey (2025) - This year’s findings reveal a stark truth: Organizations operating blind face exponentially higher risks than those with clear visibility and governance.
  • Kong - API Security Perspectives (2025) - Outlines the growing threat of AI-enhanced attacks on APIs and emphasizes the need for robust API security measures and the rising risks associated with these new types of threats.
  • Mixmode - State Of AI In Cybersecurity Report (2025) - Analyzes the current state of AI adoption in cybersecurity, detailing its impact on threat detection and response capabilities. Key findings indicate that while AI significantly improves threat prioritization and SOC efficiency, organizations struggle with integrating AI into legacy systems and a growing need for internal expertise to validate vendor claims.
  • Momentum - Cybersecurity Almanac (2025) - Analyzes the cybersecurity M&A and capital markets landscape for 2025, detailing strategic activity across acquisitions, IPOs, and financings. Key insights reveal a record $119 billion in strategic activity, with strategic buyers dominating the market and an emerging two-tier market structure.
  • Nametag - Workforce Impersonation Report (2026) - Focuses on insider threats and the adaptation of enterprise security strategies. In 2025, a growing number of breaches began with someone pretending to be a legitimate member of the workforce. Nearly every major breach now carries an element of impersonation.
  • NCC Group - Cyber Threat Intelligence Report (2025) - Analyzes the October 2025 cyber threat landscape, highlighting a sharp reversal in ransomware trends and the rising prevalence of fileless malware techniques. Key findings include a 41% increase in global attacks driven largely by the Qilin group, the resurgence of LockBit with version 5.0, and the detection of the EggStreme strain targeting defense sectors.
  • Net Diligence - Cyber Claims Study (2025) - Analyzes over 10,000 cyber insurance claims from 2020 to 2024 to evaluate the financial impact of incidents across small-to-medium enterprises and large organizations. Key findings reveal that ransomware and business email compromise remain the primary loss drivers, with ransomware payments reaching unprecedented levels of up to $75 million.
  • Netscout - DDoS Threat Intelligence Report (2025) - Designed to quickly equip readers with actionable intelligence, it delivers insights critical for ongoing network operations and strategic planning. The digital battlefield of 2025 is defined by an unprecedented escalation in DDoS warfare, with more than 8 million attacks recorded in the first half alone.
  • Norton - Cyber Safety Insights Report (2025) - Examines the cyber safety landscape for children, focusing on AI integration and cyberbullying trends. Key insights reveal that 36% of global parents notice their children using AI for companionship, while the US leads with 24% of children experiencing cyberbullying, often occurring on gaming platforms and via text.
  • Picus - Blue Report (2025) - Developed by Picus Labs, this annual study is based on over 160 million attack simulations performed on the Picus Security Validation Platform, providing a comprehensive view of how security products and configurations perform across modern enterprise environments. The Blue Report 2025 is designed to serve as a practical guide for security teams and decision-makers aiming to mature their security.
  • Pillar - State Of Attacks On GenAI (2025) - Analyzes real-world attacks on Generative AI applications, revealing critical security vulnerabilities. Key findings indicate a 90% data leakage rate in successful attacks, with adversaries requiring only 42 seconds and an average of 5 interactions to compromise systems.
  • Proofpoint - Data Security Landscape Report (2025) - Focuses on the pervasive nature of data loss incidents and the challenges organizations face in securing sensitive data amidst rapid AI adoption. For some time, it has required an increasingly layered approach: one that accounts for human behavior, data sprawl and the adoption of generative AI.
  • Proofpoint - Cyber Insecurity Healthcare (2025) - Examines the ongoing cyber insecurity within the healthcare industry, detailing its financial repercussions and direct impact on patient care. Key findings indicate 93 percent of organizations experienced an average of 43 cyberattacks, with 72 percent reporting patient care disruption and the average cost of the most expensive incident reaching $3.9 million, alongside a 29 percent increase in mortality rates linked to these events.
  • Prophet - State Of AI In SecOps (2025) - Focuses on the challenges and opportunities surrounding the adoption of AI in Security Operations Centers. The report reveals that a significant percentage of alerts are ignored, leading to critical breaches, and highlights the growing prioritization of AI for security to address alert fatigue and improve efficiency.
  • PWC - Global Digital Trust Insights Report (2025) - Examines the current state of cyber resilience, identifying critical gaps in organizational preparedness and implementation. Key findings reveal only 2% of organizations have fully implemented cyber resilience actions, alongside significant gaps in CISO involvement in strategic planning and a confidence disparity between CEOs and CISOs regarding AI regulations.
  • Reco - Shadow AI Report (2025) - Examines the proliferation and risks of shadow AI within enterprises, detailing its impact on data security and operational workflows. Key findings reveal that OpenAI accounts for 53% of all shadow AI usage, while popular tools like CreativeX and System.com demonstrate prolonged unsanctioned usage, exposing organizations to significant and persistent data security vulnerabilities.
  • SANS - Cyber Threat Hunting Survey (2025) - Analyzes the decade-long evolution of threat hunting capabilities within organizations, addressing persistent challenges posed by AI adoption and cloud environments.
  • SANS - AI Survey (2025) - Analyzes the impact of AI on cybersecurity, three years after the introduction of generative AI. The survey reveals that security teams are lagging in AI adoption, with only half using it for cybersecurity tasks, while 81% express concern over AI-powered threats, highlighting a need for more training and governance.
  • SANS - SOC Survey (2025) - Focuses on the structure, staffing, and challenges of modern Security Operations Centers based on the 2025 SANS SOC Survey. Key findings reveal that while core SOC functions remain consistent, there's a growing interest in cloud-native security operations, and geopolitical uncertainty is driving increased scrutiny around international data flows.
  • Search Light Cyber - The Correlation Between Dark Web Exposure And Cybersecurity Risk (2025) - Analyzes the relationship between dark web exposure and organizational cybersecurity risk, utilizing data from over 9,000 organizations to validate the predictive nature of pre-attack intelligence. Key findings demonstrate a statistically significant correlation between dark web artifacts, such as market listings and forum chatter, and an increased probability of suffering a cyber insurance loss.
  • SISA Sappers - Report (2025) - Analyzes the security posture of the global financial ecosystem in H1 2025, focusing on the dual threat of sophisticated ransomware campaigns and the rapid weaponization of high-severity vulnerabilities. Identifies emerging financial fraud techniques such as NFCGate ATM relay attacks and offline HCE fraud, while detailing the active exploitation of critical flaws like CVE-2025-22457 by major threat groups including LockBit and Lazarus.
  • Sophos - State Of Ransomware In Healthcare (2025) - Analyzes the state of ransomware in the healthcare sector during 2025, detailing the causes, consequences, and recovery experiences from attacks. Key findings include a 91% drop in the average ransom demand to $342K, a significant decrease in the data encryption rate to 34%, and 97% of victims successfully recovering encrypted data.
  • Splunk - State Of Security (2025) - Examines the evolving challenges and future strategies for Security Operations Centers. Highlights that inefficiencies, primarily from excessive tool maintenance and alert overload, significantly hinder operations, while AI is becoming a key driver for efficiency despite prevalent trust concerns.
  • Tailscale - State of Zero Trust (2025) - Focuses on the current state of Zero Trust adoption, highlighting the challenges and frustrations faced by IT, security, and engineering teams. Key insights reveal that fewer than one-third of organizations employ identity-based access as their primary model, while 83% of personnel admit to circumventing security measures to maintain productivity.
  • Trellix - Advanced Threat Research Report (2025) - Analyzes the intense escalation of the global cyber threat landscape between April and September 2025, detailing the evolving tradecraft of Advanced Persistent Threats and the rising adoption of AI-powered malware. Key findings highlight a strategic focus on the telecommunications sector, which attracted over 70% of APT activity, and the emergence of malware-less infiltration techniques where state-sponsored operatives are hired as legitimate IT staff.
  • Vanta - State Of Trust Report (2025) - Analyzes the current state of trust in businesses, highlighting the impact of AI on risk, compliance, and security. The report reveals a significant AI readiness gap, with adoption outpacing expertise, and emphasizes the increasing importance of governed automation and continuous monitoring to address rising threats and maintain customer trust.
  • Verizon - Mobile Security Index (2025) - Examines the intersection of AI-driven risks and human decision-making within the mobile security landscape, utilizing survey data from 762 professionals to benchmark industry resilience. Key insights highlight the critical necessity of mobile device management and hybrid mesh architectures to mitigate the disruptive impacts of deepfakes and persistent human error in hyperconnected environments.
  • Viking Cloud - Cyber Threat Landscape (2025) - Analyzes the evolving cyber threat landscape, highlighting concerns among cybersecurity leaders. Key findings reveal a significant rise in AI-driven attacks and insider threats, coupled with underreporting of incidents and a growing reliance on outsourced security solutions.
  • Wipro - State Of Cybersecurity Report (2025) - Analyzes the cybersecurity landscape, focusing on nation-state cyber warfare and data breaches. The report reveals that 86% of nation-state attacks are espionage-related, with intellectual property theft as the primary motive, and a rise in breaches targeting advanced PII, particularly in the technology, BFSI, and healthcare sectors.
  • World Economic Forum - Global Cybersecurity Outlook (2026) - Analyzes the global cybersecurity landscape in 2026, focusing on the impact of AI, geopolitics, and cybercrime. Key findings reveal that 94% of respondents anticipate AI will be the most significant driver of change, while 87% identified AI-related vulnerabilities as the fastest-growing cyber risk.
  • Yubico - Global State Of Authentication Report (2025) - Analyzes global authentication habits and the persistent perception-reality gap between employee security beliefs and modern cyber vulnerabilities. Key findings from the survey of 18,000 employed adults reveal that 40% of employees have never received cybersecurity training, and 62% of organizations still rely primarily on vulnerable username and password credentials.
  • Zscaler - ThreatLabz VPN Risk Report (2025) - Examines the increasing obsolescence of traditional VPNs due to mounting security vulnerabilities and the accelerated adoption of zero trust architectures. Key findings indicate that 56% of organizations suffered VPN-related attacks in the past year, prompting 65% of enterprises to plan a complete removal of VPN services by 2026.

Executive Perspectives

  • CSC - The Chief Information Security Officer Outlook (2025) - Analyzes the cybersecurity concerns of CISOs in 2025, highlighting the increasing complexity and intensity of threats, particularly domain-related attacks.
  • Cyentia - CISO Engagement Study (2025) - Focuses on how cybersecurity buyers engage with AI driven topics, evolving content formats, and shifting sponsor behavior across global regions and industries. The data shows AI dominates user interest, OT security is underserved despite growing demand, webinars lead CISO engagement, and timely topic alignment like ransomware, cloud, and identity sharply improves visibility and campaign performance.
  • Proofpoint - Voice of the CISO Report (2025) - Examines the challenges, expectations, and priorities of CISOs in 2025, focusing on the impact of AI and persistent threats. The report reveals a growing concern among CISOs regarding potential cyberattacks and data loss, despite confidence in their cybersecurity culture, highlighting the need for enhanced data protection measures and addressing human-related risks.
  • Salt - CISO and CIO Investment Priorities (2025) - Surveys key cybersecurity investment priorities for CISOs and CIOs in 2025, as detailed in a white paper by Osterman Research and sponsored by Salt Security. Key findings highlight shifts in priorities based on evolving threat landscapes and increased focus on incident response and proactive security measures.
  • Splunk - CISO Report (2025) - Analyzes the evolving relationship between CISOs and their boards, highlighting areas of alignment and significant divergence. Key insights reveal that while CISOs are increasingly present in board meetings, a substantial gap persists in how both parties perceive CISO priorities, time allocation, and the definition of success.
  • Team8 - CISO Survey (2025) - Outlines critical trends and strategic imperatives shaping the future of cybersecurity, based on the 2025 CISO Village Survey. Notable findings reveal record cybersecurity budget increases, a dual perception of AI as both a threat and a defensive tool, and heightened CISO personal liability amidst stringent regulatory changes.

Workforce and Culture

  • CompTIA - State of Cybersecurity (2025) - Analyzes the current state of cybersecurity, focusing on organizational priorities, incident impact, and workforce development needs. Key findings reveal that cybersecurity is a high priority for 59% of organizations, yet 56% experienced significant incident impact, highlighting a critical skills gap and the growing influence of generative AI on cybersecurity strategies.
  • ISACA - State of Privacy (2025) - Outlines key trends in global privacy practices, including staffing needs, budget constraints, and the increasing integration of AI in privacy operations. Key findings reveal significant skill gaps and difficulties in staff retention, coupled with increasing reliance on AI for privacy initiatives and a growing concern over privacy breaches.
  • Mimecast - The State Of Human Risk (2025) - Analyzes the state of human risk in cybersecurity, highlighting its growing prominence over technology gaps. Key findings indicate that despite increased budgets, organizations still face significant challenges with human error, collaboration tool security, and the evolving threat landscape driven by AI.
  • N2K - WiCyS Cyber Talent Study (2025) - Analyzes the strategic collaboration between N2K Networks and Women in CyberSecurity (WiCyS) to map member skills against the NICE Workforce Framework. Key findings highlight the exceptional alignment of WiCyS members' capabilities with industry standards, establishing new benchmarks for professional development and workforce diversification.

Market and Investment Research

  • Altitude - Cyber Cybersecurity Market Review (2025) - Analyzes the cybersecurity market landscape, focusing on M&A and financing activities. Key insights reveal a significant surge in M&A deal volume, driven by large strategic acquisitions, alongside continued growth in financing deal counts despite a slight dip in overall volume.
  • Guy Carpenter - US Cyber Industry Exposure Database (2025) - Analyzes the US cyber industry exposure and loss curve for 2025, detailing market conditions and providing benchmarks for risk transfer. Key findings indicate a heightened risk landscape due to deregulation and nation-state activity, necessitating updated exposure estimates for financial and insurance markets.
  • IT Harvest - State Of Cyber (2025) - Examines the performance and key trends of the global cybersecurity industry during H1 2025. Key insights include an overall market contraction of 6.4% in vendor growth, juxtaposed with AI Security emerging as a dominant sector, comprising nearly one in three new startups.
  • Recorded Future - State Of Threat Intelligence (2025) - Analyzes the adoption and maturity of threat intelligence within enterprise cybersecurity, focusing on investment trends and strategic decision-making. Key findings reveal that 76% of organizations invest over $250,000 annually, with 91% planning to increase spending in 2026 to support dedicated teams and enhance detection capabilities.

Application Security

  • Appomni - State Of SaaS Security Report (2025) - Analyzes the state of SaaS security in 2025, revealing a surge in security incidents despite organizations expressing confidence in their security posture. Key findings indicate a disconnect between perceived visibility and actual risk reduction, with 75% of organizations experiencing a SaaS-related security incident and a reliance on trust in SaaS vendors rather than internal validation.
  • Checkmarx - Future Of Application Security (2025) - Analyzes the current state and future challenges of application security amidst rapid developer velocity and the pervasive integration of AI in development workflows.
  • Cycode - State of Application Security Posture Management (2025) - Examines application security challenges and strategies from the perspectives of CISOs, AppSec Directors, and DevSecOps managers across the UK, US, and Germany. Key findings reveal inefficiencies strain the relationship between security and development teams, eroding trust and hindering productivity.
  • Cypress Data Defense - State of Application Security (2025) - Analyzes the state of application security and its impact on product velocity, revealing significant challenges in detection and integration. Key findings indicate that 62% of companies ship insecure code, 60% experience release delays due to security issues, and 83% are open to outsourcing application security.
  • Traceable - Global State of API Security (2025) - Annual survey gathering insights from 1,548 respondents across 100+ countries on the state of API security. Key findings reveal a persistent increase in API-related breaches, the inadequacy of traditional security solutions, and the growing risk posed by bot attacks and the integration of generative AI.

Cloud Security

  • Checkpoint - Cloud Security Report (2025) - Focuses on the escalating cloud security challenges organizations face, including fragmented environments and outdated defenses. The report reveals that cloud-related breaches are rising, detection is largely reactive, and slow remediation extends risk exposure, highlighting the need for unified, intelligent, and automated defenses.
  • CrowdStrike - SaaS Security Posture Management (2025) - Analyzes the 2024 SaaS Security Posture Management market, benchmarking companies' innovation and growth potential. Key findings highlight a competitive landscape with significant growth opportunities and best practices for companies seeking to improve their security posture.
  • Fortinet - Cloud Security Report (2025) - Examines the state of cloud security, focusing on deployment strategies, multi-cloud adoption, and prevalent security concerns. Key findings reveal low confidence in real-time threat detection and a persistent cybersecurity skills gap, highlighting the need for increased investment and improved security practices.
  • Google - Cybersecurity Forecast 2025 (2025) - Insights from Google Cloud leaders on emerging cybersecurity trends. Key predictions include the continued rise of ransomware and multifaceted extortion, the increasing use of AI by attackers, and the persistent threat from state-sponsored actors like China, Russia, Iran, and North Korea.

Identity Security

  • CyberArk - State of Machine Identity Security Report (2025) - Focuses on the critical and often-overlooked area of machine identity security. Key findings reveal that a significant percentage of organizations are concerned about risks stemming from compromised machine identities and expired certificates, highlighting a lack of visibility and control over secrets management.
  • CyberArk - Identity Security Threat Landscape Report (2025) - Examines the impact of cyberattacks on identity, including cyber debt, GenAI, machine identities, and third- and fourth-party risks. Key findings reveal a growing cyber debt fueled by these factors, highlighting the need for proactive security strategies.
  • Descope - State of Customer Identity Report (2025) - Analyzes the pervasive authentication stagnation, noting that 87% of organizations use passwords despite only 2% viewing them as effective. Highlights that open-source solutions nearly double revenue loss compared to commercial platforms, while AI trust paradoxically declines as deployments scale.
  • Duo - State Of Identity Security Report (2025) - Analyzes the state of identity security and the challenges IT and security leaders face in 2025. Key findings reveal low confidence in identity providers and significant gaps in MFA adoption, despite a growing awareness of AI-driven threats and a trend towards security-first identity strategies.
  • Guidepoint - Identity Access Management Maturity Report (2025) - Analyzes the current state of Identity and Access Management maturity across organizations, evaluating the effectiveness of their practices and investments. Key findings indicate that most organizations are underfunded and overly reliant on manual processes, while high performers demonstrate stronger security postures by leveraging automation and advanced identity technologies.
  • Hypr - State of Passwordless Identity Assurance (2025) - Focuses on the adoption and impact of passwordless identity assurance. Key findings indicate a growing momentum for passwordless authentication in the enterprise, with usage increasing by 10% compared to the previous year.
  • Okta - Secure Sign In Trends Report (2025) - Organizations are maintaining the steady adoption of traditional defenses while rapidly shifting toward advanced security standards. The analysis reveals that while overall multi-factor authentication adoption within the workforce context has reached 70%, organizations are also making a critical shift to phishing-resistant, passwordless authentication.
  • Omada - State Of Identity Governance (2025) - Focuses on the state of identity governance in large organizations, leveraging insights from a survey of IT and business leaders. Despite increased cybersecurity funding, organizations struggle with high IGA total cost of ownership and persistent excessive access permissions, driving a demand for modern cloud-based, AI-driven solutions to automate manual processes.
  • Sailpoint - Horizons Of Identity Security (2025) - Examines the evolving landscape of identity security and organizational maturity, highlighting its transformation from foundational control to a critical security frontier. Key findings highlight the potential for strategic investments to improve security posture and deliver higher returns, particularly among organizations demonstrating advanced maturity levels.
  • Spycloud - Identity Threat Report (2025) - Analyzes the landscape of identity-based cyber threats, highlighting trends, benchmarks, and strategies for enhanced protection. Key findings reveal that while most organizations are concerned about identity-based attacks and ransomware, significant defense gaps persist, including limited automation in remediation and inconsistent credential revocation practices.

Penetration Testing

  • Cobalt - State of Pentesting (2025) - Offers an overview of the current state of penetration testing, including trends, challenges, and best practices across various industries. A key finding reveals a significant increase in manual penetration testing alongside the emergence of AI-driven attacks and vulnerabilities, necessitating a refined pentesting maturity model.
  • HackerOne - Hacker Powered Security Report (2025) - Analyzes the evolving landscape of hacker-powered security, focusing on the integration of AI and the human element. Key insights reveal a significant surge in AI-related vulnerability reports and a growing trend of researchers upskilling to leverage AI in their offensive security workflows.

Privacy and Data Protection

  • Cisco - Privacy Benchmark Study (2025) - Highlights evolving trends in data privacy, examining the impact of regulation, investment, and the increasing role of artificial intelligence. Key insights reveal a paradoxical preference for local data storage despite higher trust in global providers, sustained positive impact from privacy legislation, and growing organizational focus on AI governance.
  • Drata - State of GRC (2025) - Focuses on the evolving role of Governance, Risk Management, and Compliance, transitioning from a cost center to a strategic business driver. A key finding highlights the challenges GRC teams face in balancing compliance complexity and business growth, including concerns about AI hallucinations providing improper GRC guidance.
  • Hyperproof - IT Risk and Compliance Benchmark Report (2025) - Examines the state of IT risk and compliance, focusing on the maturation of GRC programs and trends in framework adoption. Key findings reveal the maturing of GRC programs, evolving framework adoption, and the increasing significance of third-party risk management as a major concern.
  • Immuta - State of Data Security Report (2025) - A survey of 700+ data professionals examines the current state of data security, including challenges, trends, and best practices across various industries. Key findings reveal that security and access remain top concerns amidst growing data demands, with people, processes, and technology all contributing to the complexities.
  • Kiteworks - Forecast for Managing Private Content Exposure Risk (2025) - Outlines 12 predictions for managing private content exposure risk, based on cybercrime, cybersecurity, and compliance trends focusing on sensitive content communications. Key predictions highlight the evolving global data privacy landscape, the increasing importance of secure content collaboration, and the need for robust API security to manage these risks effectively.

Ransomware

  • Delinea - State Of Ransomware Report (2025) - Analyzes the evolving ransomware threat landscape and organizational responses, highlighting key trends and challenges. Key findings indicate a surge in ransomware breaches and data extortion, alongside increasing executive concern despite the limited effectiveness of traditional anti-ransomware tactics and the under-deployment of least privilege.
  • Semperis - Ransomware Risk Report (2025) - Analyzes the global ransomware landscape, evaluating attack frequency, success rates, and the critical role of identity infrastructure. Key findings indicate a modest global decrease in ransomware success, yet 78% of organizations were still targeted, with 83% of attacks compromising identity infrastructure, and 15% of victims receiving no decryption keys after payment.
  • Sophos - State Of Ransomware (2025) - Outlines the state of ransomware in 2025, examining technical and operational attack vectors, data handling, and the financial and human costs of incidents. Notably, data encryption rates are at a six-year low of 50%, and median ransom payments dropped by 50%, though exploited vulnerabilities remain the leading attack vector.
  • Sophos - State Of Ransomware In Manufacturing (2025) - Outlines technical and organizational root causes of incidents within manufacturing. Insights reveal specific vulnerabilities exploited by actors and provide a comparison to other industrial sectors.

AI and Emerging Technologies

  • Australian Institute of Company Directors - Directors Introduction to AI (2025) - Offers practical guidance for directors on establishing robust AI governance frameworks, adapting to the technology's unique characteristics. The guide highlights a critical gap in current board oversight of AI, advocating for bespoke governance frameworks that address AI's unique risks, data dependencies, and the imperative for ethical deployment.
  • BigID - AI Risk And Readiness In The Enterprise (2025) - Analyzes the readiness of enterprises in securing AI, revealing a significant gap between AI adoption and governance. The report highlights that over 93% of organizations lack full confidence in securing AI-driven data, with AI-powered data leaks being the top security concern, while nearly half have no AI-specific security controls.
  • Calypso AI - Insider Threat Report (2025) - Analyzes the evolving landscape of internal AI adoption and its security implications across various organizational levels and industries.
  • Cisco - State of AI Security (2025) - Analyzes the emerging AI security risks and attack vectors within the AI threat landscape. Key findings reveal a growing need for proactive AI security research and the development of robust policies to mitigate these risks.
  • Clutch Security - MCP A View From The Trenches (2025) - Investigates the security risks of Model Context Protocol server deployments across enterprise environments, revealing a trend of silent, explosive adoption characterized by total security blindness. Critical findings highlight that employees are unwittingly exposing high-value non-human identities to arbitrary, unverified code sourced from public registries such as npm, GitHub, and PyPI.
  • Darktrace - State Of AI Cybersecurity (2025) - Analyzes the transformative impact of artificial intelligence on the global threat landscape and the corresponding shift in defensive strategies within security operations centers. Key insights reveal that while 89% of CISOs anticipate long-term challenges from AI-powered threats, organizations are prioritizing platform-based AI solutions over headcount growth, with only 11% planning to increase staff despite widespread concerns about preparedness.
  • Delinea - AI In Identity Security Report (2025) - Analyzes the widespread adoption of AI in IT operations and the associated risks, emphasizing the necessity for updated identity governance frameworks to manage agentic and generative AI entities. Key findings indicate that while 94% of global organizations are utilizing or piloting AI, only 44% possess security architectures fully equipped to handle the resulting identity and shadow AI challenges.
  • Hiddenlayer - AI Threat Landscape Report (2025) - Analyzes the evolving AI threat landscape, detailing risks to and from AI systems across various sectors. Notable findings include a 75% increase in AI attacks, a 72% prevalence of Shadow AI, and 88% concern over third-party AI integrations, alongside a significant underutilization of advanced security measures like red teaming (16%) despite growing budgets and prioritization.
  • ICONIQ - The AI Builders Playbook (2025) - Focuses on the how-to of conceiving, delivering, and scaling AI-powered offerings, including product roadmap, go-to-market strategies, talent, cost management, and internal productivity. Key findings indicate that AI-native companies are rapidly scaling products, with agentic workflows being the most common type of AI product built by 80% of AI-native companies, while model accuracy and the increasing importance of cost are top considerations for foundational models.
  • Okta - AI at Work (2025) - Focuses on the perspectives of C-suite executives regarding the transformative impact of artificial intelligence on security, innovation, and efficiency within organizations. Key findings reveal executive sentiment, concerns, and priorities regarding AI implementation, highlighting varying levels of understanding and integration across different organizations.
  • Salt - Future Of Agentic AI Report (2025) - Highlights the increasing deployment of agentic AI and the foundational importance of robust API security to build and sustain consumer trust. The report uncovers a significant disparity between the rapid adoption of AI agents and lagging consumer trust, with 62% of consumers perceiving chatbots as more vulnerable to manipulation.
  • Wiz - AI Security Readiness (2025) - Analyzes the current state of AI security readiness among cloud architects, engineers, and security leaders, highlighting critical gaps. Key findings reveal widespread AI adoption is significantly outpacing the development of in-house security expertise and the implementation of AI-specific posture management tools, leading to substantial visibility challenges like shadow AI.

Resources

Annual reports are the result of a collaborative effort, combining research from both paid and non-profit sources, drawn from within the organization and the broader cybersecurity community. These reports rely on the contributions of various organizations that help shape the field by setting standards, offering certifications, conducting research, and influencing policy.

The categories below highlight the diverse roles these organizations play in building cybersecurity programs and advancing best practices. By exploring these groups, readers can gain insight into the ecosystem that underpins the development of annual reports and drives progress in the industry.

Research Consulting: These are organizations that offer paid research services, market analysis, and consulting in the field of information technology and cybersecurity.

Standards and Certifications: Organizations involved in setting cybersecurity standards, providing certifications, and creating frameworks for best practices.

Threat Intelligence and Incident Response: Organizations focused on sharing threat intelligence, coordinating cyber incident responses, and combating cyber threats.

Policy and Advocacy: Institutions shaping cybersecurity policies, regulations, and public awareness on a national or international scale.

Working Groups: These are collaborative organizations or professional associations that conduct research, share information, and develop best practices in cybersecurity.

Government and Non-profits: This category includes government agencies and non-profit organizations dedicated to cybersecurity research, policy development, and public awareness.

Research Consulting

  • 451 Research - A technology research and advisory firm specializing in emerging technology segments including cybersecurity market analysis and trends.
  • ABI Research - A technology market intelligence company providing strategic guidance on transformative technologies, including cybersecurity and digital security.
  • Forrester Research - An advisory company that offers paid research, consulting, and event services specialized in market research for information technology.
  • Frost & Sullivan - A consulting firm offering market research and analysis in cybersecurity, with particular focus on emerging technologies and market opportunities.
  • Gartner - A technology research and consulting firm which offers private paid consulting as well as executive programs and conferences.
  • GigaOm - A research firm offering practical, hands-on, practitioner-driven research for businesses.
  • International Data Corporation (IDC) - A global provider of market intelligence and advisory services.
  • KuppingerCole - A global analyst company specializing in information security, identity & access management, and risk management.
  • Omdia - A global technology research powerhouse focusing on cybersecurity market analysis and digital transformation.

Standards and Certifications

Threat Intelligence and Incident Response

Policy and Advocacy

Working Groups

Government and Non-profits