rhetenor/awesome-awesomeness
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
master
awesome-awesomeness/html/annualsecurityreports.html
rhetenor 5916c5c074 update lists
2025-07-18 22:22:32 +02:00

1851 lines
103 KiB
HTML
Raw Permalink Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<!-- lint ignore double-link -->
<!--lint ignore definition-case-->
<!--lint disable awesome-toc-->
<!--lint disable no-emphasis-as-heading-->
<!--lint disable awesome-list-item-->
<h1 id="awesome-annual-security-reports-awesome">Awesome Annual Security
Reports <a href="https://awesome.re"><img
src="https://awesome.re/badge-flat2.svg" alt="Awesome" /></a></h1>
<blockquote>
<p>A curated list of annual cyber security reports - Centralized annual
cybersecurity analysis and industry surveys</p>
</blockquote>
<p><strong>Definition:</strong> The cybersecurity landscape is
constantly evolving, making it hard for CIOs, CISOs, and security
leaders to keep up. Theyre flooded with annual reports from research
consultancies, industry working groups, non-profits, and government
agencies, and sifting through marketing material to find actionable
insights is a major challenge. This list aims to cut through the noise
by providing a vendor-neutral resource for the latest security trends,
tools, and partnerships. It curates information from trusted sources,
making it easier for security leaders to make informed decisions.</p>
<p><strong>Disclaimer:</strong> The reports in this collection are
limited to content which does not require a paid subscription,
membership, or service contract. There are a variety of different
business models and drivers that would cause information to be put
behind a paywall, I would like to respect those companies and
individuals. Consult the original authors for licensing of any report
content.</p>
<p><strong>Limitations:</strong> This is <strong>not</strong> a
repository for project-specific documents such as white papers,
intelligence reports, technical specifications, or standards. While all
user-submitted uploads or report requests are welcome, we should draw a
box around this <em>awesome</em> list.</p>
<p><strong>Accessibility</strong> When possible, all reports will be
sourced from their original authors and uploaded to <a
href="https://virustotal.com/">Virus Total</a> via GitHub action to
provide an added level of confidence. The resulting analysis link will
be included in the PDF commit notes. Additionally, all PDF reports will
be converted to Markdown using AI, based on the <a
href="/.github/ai-prompts">AI Prompts</a> defined in this
repository.</p>
<p><strong>Acknowledgement:</strong> I would like to give recognition
for other works that inspired this collection. <a
href="https://it-harvest.com/about/">Richard Stiennon</a> produces an
annual, comprehensive industry analysis that surpasses the scope of this
list and deserves attention. Additionally, <a
href="https://www.linkedin.com/in/rickhoward/">Rick Howard</a>s cyber
cannon list of must-read books is an invaluable resource, catering to
both leadership and practitioner levels within the field.</p>
<p><strong>Annual Report Counts:</strong></p>
<p><img
src="https://img.shields.io/github/directory-file-count/jacobdjwilson/awesome-annual-security-reports/Annual%20Security%20Reports%2F2020?type=file&amp;style=flat-square&amp;label=2020%20Reports"
alt="GitHub repo file or directory count (in path)" /> <img
src="https://img.shields.io/github/directory-file-count/jacobdjwilson/awesome-annual-security-reports/Annual%20Security%20Reports%2F2021?type=file&amp;style=flat-square&amp;label=2021%20Reports"
alt="GitHub repo file or directory count (in path)" /> <img
src="https://img.shields.io/github/directory-file-count/jacobdjwilson/awesome-annual-security-reports/Annual%20Security%20Reports%2F2022?type=file&amp;style=flat-square&amp;label=2022%20Reports"
alt="GitHub repo file or directory count (in path)" /> <img
src="https://img.shields.io/github/directory-file-count/jacobdjwilson/awesome-annual-security-reports/Annual%20Security%20Reports%2F2023?type=file&amp;style=flat-square&amp;label=2023%20Reports"
alt="GitHub repo file or directory count (in path)" /> <img
src="https://img.shields.io/github/directory-file-count/jacobdjwilson/awesome-annual-security-reports/Annual%20Security%20Reports%2F2024?type=file&amp;style=flat-square&amp;label=2024%20Reports"
alt="GitHub repo file or directory count (in path)" /> <img
src="https://img.shields.io/github/directory-file-count/jacobdjwilson/awesome-annual-security-reports/Annual%20Security%20Reports%2F2025?type=file&amp;style=flat-square&amp;label=2025%20Reports"
alt="GitHub repo file or directory count (in path)" /></p>
<h2 id="contents">Contents</h2>
<!-- TOC -->
<ul>
<li><a href="#overview">Overview</a></li>
<li><a href="#analysis-reports">Analysis Reports</a>
<ul>
<li><a href="#threat-intelligence">Threat Intelligence</a></li>
<li><a href="#application-security">Application Security</a></li>
<li><a href="#cloud-security">Cloud Security</a></li>
<li><a href="#vulnerabilities">Vulnerabilities</a></li>
<li><a href="#ransomware">Ransomware</a></li>
<li><a href="#data-breaches">Data Breaches</a></li>
<li><a href="#physical-security">Physical Security</a></li>
<li><a href="#ai-and-emerging-technologies">AI and Emerging
Technologies</a></li>
</ul></li>
<li><a href="#survey-reports">Survey Reports</a>
<ul>
<li><a href="#industry-trends">Industry Trends</a></li>
<li><a href="#application-security-1">Application Security</a></li>
<li><a href="#cloud-security-1">Cloud Security</a></li>
<li><a href="#identity-security">Identity Security</a></li>
<li><a href="#penetration-testing">Penetration Testing</a></li>
<li><a href="#ransomware-1">Ransomware</a></li>
<li><a href="#privacy-and-data-protection">Privacy and Data
Protection</a></li>
<li><a href="#ai-and-emerging-technologies-1">AI and Emerging
Technologies</a></li>
</ul></li>
<li><a href="#resources">Resources</a>
<ul>
<li><a href="#research-consulting">Research Consulting</a></li>
<li><a href="#standards-and-certifications">Standards and
Certifications</a></li>
<li><a href="#threat-intelligence-and-incident-response">Threat
Intelligence and Incident Response</a></li>
<li><a href="#policy-and-advocacy">Policy and Advocacy</a></li>
<li><a href="#working-groups">Working Groups</a></li>
<li><a href="#government-and-non-profits">Government and
Non-profits</a></li>
</ul></li>
<li><a href="#contributing">Contributing</a> <!-- /TOC --></li>
</ul>
<h2 id="overview">Overview</h2>
<p>Reports are organized into two main categories based on their data
sources: - <strong>Analysis:</strong> Generated through quantification
and qualification of data from sensor networks or cybersecurity
services. - <strong>Survey:</strong> Derived from surveys, interviews,
or consulting engagements that capture industry sentiment and
practices.</p>
<p>The most recent versions of reports are listed below. Older editions
are preserved in their corresponding yearly directories. Reports from
sources that have not been updated in the last three years will no
longer appear in this <code>README.md</code> but will remain accessible
in the respective years directory.</p>
<p>Reports are organized by their primary focus. Although many reports
span multiple topics, this classification provides a clearer structure.
Within each topic, reports are listed alphabetically.</p>
<h2 id="analysis-reports">Analysis Reports</h2>
<h2 id="threat-intelligence">Threat Intelligence</h2>
<ul>
<li><a
href="https://arcticwolf.com/arctic-wolf-labs-2025-cybersecurity-predictions/">ArticWolfLabs</a>
- <a
href="Annual%20Security%20Reports/2025/ArticWolfLabs-Cybersecurity-Predictions-2025.pdf">Cybersecurity
Predictions</a> (2025) - Analyzes evolving threat landscapes and
predicts key cybersecurity challenges for 2025. The report highlights
the increasing sophistication of social engineering attacks, emphasizing
the critical need for robust multi-factor authentication (MFA)
implementations and vigilance against evolving tactics, techniques, and
procedures (TTPs).</li>
<li><a
href="https://www.cyber.gov.au/about-us/view-all-content/reports-and-statistics/annual-cyber-threat-report-2023-2024">Australian
Signals Directorate</a> - <a
href="Annual%20Security%20Reports/2024/ASD-Cyber-Threat-Report-2024.pdf">Cyber
Threat Report</a> (2024) - Analyzes the Australian cyber threat
landscape for 2023-2024, focusing on state actors, critical
infrastructure attacks, cybercrime, hacktivism, and national resilience
efforts. Key findings highlight a significant increase in ransomware
attacks targeting critical infrastructure and a concerning rise in
hacktivism motivated by geopolitical events.</li>
<li><a
href="https://news.bd.com/2024-06-13-BD-Issues-Annual-Product-Security-Report,-Highlighting-Transparency-and-Collaboration">BD</a>
- <a
href="Annual%20Security%20Reports/2023/BD-Product-Security-Annual-Report-2023.pdf">Product
Security Annual Report</a> (2023) - Analyzes the cybersecurity posture
of BDs medical device ecosystem and its products. Key findings
highlight the importance of collaborative vulnerability disclosure and
the implementation of strong cybersecurity controls throughout the
product lifecycle to mitigate risks within the healthcare sector.</li>
<li><a
href="https://blackpointcyber.com/resources/cybersecurity-annual-threat-report-2024/">Blackpoint</a>
- <a
href="Annual%20Security%20Reports/2024/Blackpoint-Cyber-Annual-Threat-Report-2024.pdf">Annual
Threat Report</a> (2024) - Analyzes the 2023 cyberthreat landscape and
emerging trends. Key findings highlight a concerning rise in
exploitation of vulnerabilities like Citrix Bleed, alongside shifts in
threat actor tactics and industry-specific vulnerabilities.</li>
<li><a href="https://www.checkpoint.com/security-report/">CheckPoint</a>
- <a
href="Annual%20Security%20Reports/2025/CheckPoint-Cybersecurity-Report-2025.pdf">Cybersecurity
Report</a> (2025) - Analyzes global cybersecurity events and trends in
2024, offering predictions and recommendations for CISOs in 2025. Key
findings highlight the impact of AI and cloud advancements on
cybercrime, emphasizing the need for proactive security measures and
adaptive strategies.</li>
<li><a
href="https://umbrella.cisco.com/info/cyber-threat-trends-report">Cisco</a>
- <a
href="Annual%20Security%20Reports/2025/Cisco-Cyber-Threats-Trends-Report-2025.pdf">Cyber
Threats Trends Report</a> (2025) - Analyzes current cyber threat trends,
focusing on information stealers, Trojans, ransomware, RATs, and APTs.
Key findings reveal a significant increase in the sophistication and
volume of attacks, particularly concerning the use of information
stealers and the continued evolution of ransomware techniques.</li>
<li><a
href="https://www.crowdstrike.com/resources/reports/overwatch-threat-hunting-report/">CrowdStrike</a>
- <a
href="Annual%20Security%20Reports/2024/CrowdStrike-Threat-Hunting-Report-2024.pdf">Threat
Hunting Report</a> (2024) - Analyzes 2024 intrusion trends, focusing on
adversary tactics and sectoral targeting. Key findings reveal a
significant rise in cloud-based attacks leveraging cloud management
agents, alongside a concerning increase in sophisticated insider threats
targeting numerous U.S. companies.</li>
<li><a
href="https://www.crowdstrike.com/en-us/global-threat-report/">CrowdStrike</a>
- <a
href="Annual%20Security%20Reports/2025/Crowdstrike-Global-Threat-Report-2025.pdf">Global
Threat Report</a> (2025) - Analyzes global threat trends and key
adversary tactics for 2025. Significant findings include the increasing
use of generative AI by adversaries, the persistent threat of social
engineering, and the growing sophistication of cloud-based attacks
targeting SaaS platforms.</li>
<li><a
href="https://darktrace.com/resources/annual-threat-report-2024">DarkTrace</a>
- <a
href="Annual%20Security%20Reports/2024/Darktrace-Annual-Threat-Report-2024.pdf">Annual
Threat Report</a> (2024) - Analyzes the 2024 threat landscape, focusing
on ransomware, email threats, and state-sponsored espionage. Key
findings reveal the persistence of ransomware attacks, the increasing
sophistication of LOTL techniques, and a notable rise in threats
targeting operational technology and critical infrastructure
sectors.</li>
<li><a
href="https://info.deepinstinct.com/2025_cyber_threat_landscape_report">DeepInstinct</a>
- <a
href="Annual%20Security%20Reports/2025/Deep-Instinct-Cyber-Threat-Landscape-Report-2025.pdf">Threat
Landscape Report</a> (2025) - Analyzes global malware trends and
ransomware attacks in 2024, offering predictions for 2025. Key findings
highlight a continued rise in ransomware attacks targeting specific
sectors, coupled with the evolving tactics of ransomware groups and the
impact of sanctions and disclosures on their operations.</li>
<li><a
href="https://www.deepwatch.com/2024-ati-threat-report/">DeepWatch</a> -
<a
href="Annual%20Security%20Reports/2024/Deepwatch-Annual-Threat-Report-2024.pdf">Annual
Threat Report</a> (2024) - Analyzes 2023 adversary tactics and
intelligence, focusing on observed trends and key threat actors. Key
findings highlight the continued dominance of account compromise and
ransomware incidents, alongside the persistent exploitation of critical
vulnerabilities in internet-facing systems.</li>
<li><a
href="https://www.dhs.gov/publication/homeland-threat-assessment">Department
of Homeland Security</a> - <a
href="Annual%20Security%20Reports/2025/DHS-Threat-Assessment-2025.pdf">Threat
Assessment</a> (2025) - Analyzes homeland security threats in 2025,
focusing on terrorism, transnational crime, and threats to critical
infrastructure. Key concerns include the evolving tactics of
nation-state actors, the persistent threat of cyberattacks targeting
critical infrastructure, and the increasing challenges posed by
transnational criminal organizations.</li>
<li><a
href="https://explore.dnsfilter.com/2025-annual-security-report">DNSFilter</a>
- <a
href="Annual%20Security%20Reports/2025/DNSFilter-Annual-Security-Report-2025.pdf">Annual
Security Report</a> (2025) - Analyzes 2024 cybersecurity trends,
focusing on data breaches and their impact across various regions. Key
findings reveal a significant increase in threats related to natural
disasters and election-related attacks, coupled with an uneven adoption
of security measures among Managed Service Providers (MSPs).</li>
<li><a
href="https://www.dragos.com/ot-cybersecurity-year-in-review/">Dragos</a>
- <a
href="Annual%20Security%20Reports/2025/Dragos-OT-Cybersecurity-Report-A-Year-in-Review-2025.pdf">OT
Cybersecurity Report A Year in Review</a> (2025) - Analyzes the 2025
OT/ICS cybersecurity landscape, focusing on adversary tactics and
defender progress. Key findings reveal a rise in OT-centric cyber
operations fueled by geopolitical tensions, particularly the
Ukraine-Russia conflict, and the increasing activity of threat groups
like KAMACITE and ELECTRUM.</li>
<li><a
href="https://www.enisa.europa.eu/publications/enisa-threat-landscape-2024">ENISA</a>
- <a
href="Annual%20Security%20Reports/2024/ENISA-Threat-Landscape-2024.pdf">Threat
Landscape Report</a> (2024) - Analyzes the 2024 threat landscape,
focusing on evolving trends in cyberattacks and vulnerabilities. Key
findings highlight the persistent threat of ransomware, the increasing
sophistication of social engineering tactics, and a concerning rise in
data breaches targeting critical infrastructure.</li>
<li><a
href="https://www.ensigninfosecurity.com/resources/threat-insights/cyber-threat-landscape-report-2024">Ensign</a>
- <a
href="Annual%20Security%20Reports/2024/Ensign-Cyber-Threat-Landscape-Report-2024.pdf">Cyber
Threat Landscape Report</a> (2024) - Analyzes cybersecurity threat
trends across the Asia-Pacific region in 2023. Key findings highlight
the evolution of ransomware extortion tactics and the increasing
sophistication of hacktivist groups, alongside a notable rise in attacks
targeting digital infrastructure.</li>
<li><a href="https://expel.com/annual-threat-report/">Expel</a> - <a
href="Annual%20Security%20Reports/2025/Expel-Annual-Threat-Report-2025.pdf">Annual
Threat Report</a> (2025) - Analyzes cybersecurity trends from 2024,
focusing on cloud security, phishing, and other threats. Key findings
reveal diverse threat actor tactics across various industries,
highlighting the need for proactive detection and preventative
measures.</li>
<li><a href="https://www.ic3.gov/AnnualReport/Reports">FBI</a> - <a
href="Annual%20Security%20Reports/2024/FBI-Internet-Crime-Report-2024.pdf">Internet
Crime Report</a> (2024) - Analyzes 2024 cybercrime trends and complaint
data reported to the Internet Crime Complaint Center (IC3). Key findings
reveal a significant increase in cyber-enabled fraud complaints across
various age groups, with notable regional disparities in reported
incidents.</li>
<li><a
href="https://flashpoint.io/resources/report/flashpoint-2025-global-threat-intelligence-gtir/">Flashpoint</a>
- <a
href="Annual%20Security%20Reports/2025/Flashpoint-Threat-Intel-Report-2025.pdf">Global
Threat Intelligence Report</a> (2025) - Analyzes the 2025 global cyber
threat landscape, focusing on data breaches and information-stealing
malware. Key findings reveal significant trends in unauthorized access
methods and the evolving tactics used by threat actors, impacting
various sectors and requiring updated security strategies.</li>
<li><a
href="https://www.fortinet.com/blog/threat-research/key-takeaways-from-the-2025-global-threat-landscape-report">Fortinet</a>
- <a
href="Annual%20Security%20Reports/2025/Fortinet-Global-Threat-Report-2025.pdf">Global
Threat Report</a> (2025) - Analyzes the evolving global threat landscape
and attacker tactics. Key findings reveal a surge in cyber
reconnaissance activity driven by automated scanning and a significant
shift in attacker focus towards cloud environments and post-exploitation
techniques.</li>
<li><a
href="https://www.huntress.com/resources/2025-cyber-threat-report">Huntress</a>
- <a
href="Annual%20Security%20Reports/2025/Huntress-Threat-Report-2025.pdf">Threat
Report</a> (2025) - Analyzes the 2024 cyber threat landscape, focusing
on ransomware attacks and their impact across various sectors. Key
findings reveal a concerning increase in ransomware attacks targeting
healthcare and technology sectors, with a notable rise in the use of
Remote Monitoring and Management (RMM) tools for lateral movement.</li>
<li><a
href="https://www.ibm.com/thought-leadership/institute-business-value/en-us/report/2025-threat-intelligence-index">IBM</a>
- <a
href="Annual%20Security%20Reports/2025/IBM-X-Force-Threat-Intelligence-Index-2025.pdf">X
Force Threat Intelligence Index</a> (2025) - Analyzes emerging
cybersecurity threats and trends for 2025. Key findings highlight the
increasing use of AI in attacks, the persistence of info-stealers, and
the significant role of phishing and cloud-based infrastructure in
successful compromises.</li>
<li><a
href="https://www.kelacyber.com/resources/research/2025-ai-threat-report/">Kela</a>
- <a
href="Annual%20Security%20Reports/2025/Kela-AI-Threat-Report-2025.pdf">AI
Threat Report</a> (2025) - Analyzes the weaponization of AI by
cybercriminals, focusing on emerging threats and attack vectors. Key
findings reveal a 200% increase in mentions of malicious AI in 2024,
highlighting the rapid growth of dark AI tools and their use in
automated phishing, vulnerability research, and malware
development.</li>
<li><a
href="https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2025">Mandiant</a>
- <a
href="Annual%20Security%20Reports/2025/Mandiant-M-Trends-2025.pdf">M
Trends</a> (2025) - Analyzes global cybersecurity threats and trends in
2025. Key findings include insights into ransomware attacks, cloud
compromises, and the evolving tactics of various nation-state
actors.</li>
<li><a
href="https://www.microsoft.com/en-us/security/security-insider/intelligence-reports/microsoft-digital-defense-report-2024">Microsoft</a>
- <a
href="Annual%20Security%20Reports/2024/Microsoft-Digital-Defense-Report-2024.pdf">Digital
Defense Report</a> (2024) - Analyzes the evolving cybersecurity threat
landscape and key developments in threat actor motivations and tactics.
Significant findings include the blurring lines between nation-state
actors and cybercriminals, along with quantifiable data on nation-state
threat activity.</li>
<li><a
href="https://www.mimecast.com/resources/ebooks/threat-intelligence-july-december-2024/">Mimecast</a>
- <a
href="Annual%20Security%20Reports/2024/Mimecast-Global-Threat-Intelligence-Report-H2-2024.pdf">Global
Threat Intelligence Report H2</a> (2024) - Outlines a method for
converting technical PDFs into Markdown. The key focus is on complete
fidelity, preserving all content, structure, and formatting, including a
functional Table of Contents and descriptions of images rather than
embedding them.</li>
<li><a
href="https://www.ncsc.govt.nz/news/cyber-threat-report-2024">National
Cyber Security Centre</a> - <a
href="Annual%20Security%20Reports/2024/NCSC-Cyber-Threat-Report-2024.pdf">Cyber
Threat Report</a> (2024) - Analyzes New Zealands cyber threat landscape
for 2023-2024, focusing on state actors, critical infrastructure
attacks, cybercrime, hacktivism, and national resilience efforts. Key
findings highlight a notable increase in ransomware attacks targeting
critical infrastructure and a growing sophistication of state-sponsored
cyber operations.</li>
<li><a
href="https://www.nccgroup.com/us/threat-monitor-report-2024/">NCC
Group</a> - <a
href="Annual%20Security%20Reports/2024/NCCGroup-Threat-Monitor-Report-2024.pdf">Threat
Monitor Report</a> (2024) - Provides an analysis of current cyber
threats, offering insights into attack trends, vulnerabilities, and
strategies for improving organizational cybersecurity.</li>
<li><a
href="https://www.dni.gov/index.php/newsroom/reports-publications/reports-publications-2025/4058-2025-annual-threat-assessment">Office
of the Director of National Intelligence</a> - <a
href="Annual%20Security%20Reports/2025/ODNI-Annual-Threat-Assessment-2025.pdf">Annual
Threat Assessment</a> (2025) - This assessment analyzes the evolving
threat landscape to U.S. national security posed by state and non-state
actors. Key concerns include the increasing cooperation between
adversarial states and the persistent threat from transnational criminal
organizations, particularly in the illicit drug trade and extremist
activities.</li>
<li><a
href="https://www.orangecyberdefense.com/global/security-navigator">OrangeCyberDefense</a>
- <a
href="Annual%20Security%20Reports/2025/OrangeCyberDefense-Security-Navigator-2025.pdf">Security
Navigator</a> (2025) - Analyzes the evolving cybersecurity threat
landscape and proactive mitigation strategies. Key findings reveal a
rise in cyber extortion, AI-driven attacks, and threats to operational
and mobile networks, necessitating innovative defensive
adaptations.</li>
<li><a href="https://www.picussecurity.com/red-report">Picus</a> - <a
href="Annual%20Security%20Reports/2025/Picus-RedReport-2025.pdf">RedReport</a>
(2025) - Analyzes the ten most prevalent MITRE ATT&amp;CK® techniques
used by threat actors. Key findings reveal a high prevalence of
techniques related to process injection, command execution, and
credential harvesting, highlighting the persistent reliance on
established attack vectors.</li>
<li><a
href="https://www.rapid7.com/research/report/2024-attack-intelligence-report/">Rapid7</a>
- <a
href="Annual%20Security%20Reports/2024/Rapid7-Attack-Intelligence-Report-2024.pdf">Attack
Intelligence Report</a> (2024) - Analyzes vulnerability exploitation
trends and ransomware attack vectors in 2023. Key findings reveal a rise
in pre-patch exploitation and the continued prevalence of file transfer
protocol vulnerabilities as initial access vectors for ransomware.</li>
<li><a
href="https://www.recordedfuture.com/research/2024-annual-report">RecordedFuture</a>
- <a
href="Annual%20Security%20Reports/2024/RecordedFuture-Cyber-Threat-Analysis-Report-2024.pdf">Cyber
Threat Analysis Report</a> (2024) - Analyzes the impact of SaaS
application proliferation on cyberattacks in 2024. Key findings reveal
the significant role of stolen credentials and MFA failures in data
breaches, alongside the increased use of generative AI in influence
operations and a rise in ransomware variants.</li>
<li><a
href="https://redcanary.com/threat-detection-report/">RedCanary</a> - <a
href="Annual%20Security%20Reports/2025/RedCanary-Threat-Detection-Report-2025.pdf">Threat
Detection Report</a> (2025) - Analyzes emerging threat detection trends
in 2025, focusing on ransomware, initial access vectors, and
identity-based attacks. Key findings reveal a significant increase in
API abuse within cloud environments and the growing sophistication of
AI-powered adversary emulation techniques.</li>
<li><a
href="https://www.reliaquest.com/resources/research-reports/annual-threat-report-2025/">ReliaQuest</a>
- <a
href="Annual%20Security%20Reports/2025/ReliaQuest-Annual-Threat-Report-2025.pdf">Annual
Threat Report</a> (2025) - Analyzes 2024 cyber-threat trends, focusing
on initial access tactics and their effectiveness. Key findings reveal
inadequate logging as the root cause of most breaches, with session
hijacking bypassing multi-factor authentication in all successful
business email compromise incidents.</li>
<li><a
href="https://www.secureworks.com/resources/rp-state-of-the-threat-2024">Secureworks</a>
- <a
href="Annual%20Security%20Reports/2024/Secureworks-State-of-the-Threat-Report-2024.pdf">State
of the Threat</a> (2024) - Analyzes global cybercrime trends and threat
actor activities throughout the year. Key findings reveal persistent
cybercrime growth despite law enforcement efforts, coupled with
significant increases in hacktivism and state-sponsored attacks.</li>
<li><a href="https://www.sonicwall.com/threat-report/">SonicWall</a> -
<a
href="Annual%20Security%20Reports/2025/SonicWall-Cyber-Threat-Report-2025.pdf">Cyber
Threat Report</a> (2025) - Analyzes the evolving landscape of cyber
threats in 2024, focusing on the rise of ransomware, BEC attacks, and
the impact of AI-powered tools. Key findings highlight a significant
increase in ransomware and BEC attacks, coupled with the concerning ease
with which threat actors can leverage AI and readily available tools to
launch sophisticated campaigns.</li>
<li><a
href="https://www.sophos.com/en-us/labs/security-threat-report">Sophos</a>
- <a
href="Annual%20Security%20Reports/2024/Sophos-Threat-Report-2024.pdf">Threat
Report</a> (2024) - Analyzes the evolving landscape of cybercrime,
focusing on its impact on small and medium-sized businesses. Key
findings reveal ransomware as a persistent major threat, exacerbated by
the rise of cybercrime-as-a-service and the increasing sophistication of
social engineering tactics.</li>
<li><a
href="https://www.trellix.com/advanced-research-center/threat-reports/june-2024/">Trellix</a>
- <a
href="Annual%20Security%20Reports/2024/Trelllix-Advanced-Threat-Research-Report-2024.pdf">Advanced
Threat Research Report</a> (2024) - Analyzes global cyber threats and
nation-state activity in June 2024. Key findings reveal a rise in APT
group activity targeting specific regions, utilizing both malicious and
non-malicious tools, with a notable focus on Volt Typhoon.</li>
<li><a
href="https://www.trendmicro.com/vinfo/us/security/news/threat-landscape/trend-2025-cyber-risk-report">TrendMicro</a>
- <a
href="Annual%20Security%20Reports/2025/TrendMicro-Cybersecurity-Risk-Report-2025.pdf">Annual
Cybersecurity Threat Report</a> (2025) - Analyzes enterprise cyber risk
exposure across sectors and regions using telemetry from Trend Vision
Ones Cyber Risk Index framework. Key findings show the education sector
maintained the highest risk throughout 2024, while larger organizations
exhibited greater exposure due to complex infrastructures and expanded
attack surfaces.</li>
<li><a
href="https://www.trustwave.com/en-us/resources/library/documents/2024-education-threat-briefing-and-mitigation-strategies/">Trustwave</a>
- <a
href="Annual%20Security%20Reports/2024/Trustwave-Education-Sector-Threat-Landscape-2024.pdf">Education
Sector Threat Landscape</a> (2024) - Analyzes the evolving threat
landscape in the education sector in 2024. Key findings highlight the
increasing reliance on online learning, a surge in ransomware attacks
targeting educational institutions, and the significant risk posed by
third-party vendors.</li>
<li><a
href="https://www.trustwave.com/en-us/resources/library/documents/professional-services-threat-briefing-and-mitigation-strategies/">Trustwave</a>
- <a
href="Annual%20Security%20Reports/2024/Trustwave-Professional-Services-Sector-Threat-Landscape-2024.pdf">Professional
Services Sector Threat Landscape</a> (2024) - Analyzes the 2024 threat
landscape for professional services firms. Key findings reveal a
significant increase in ransomware attacks leveraging supply chain
vulnerabilities and phishing campaigns, emphasizing the need for
enhanced security awareness training and robust incident response
planning.</li>
<li><a
href="https://www.trustwave.com/en-us/resources/library/documents/public-sector-threat-briefing-and-mitigation-strategies/">Trustwave</a>
- <a
href="Annual%20Security%20Reports/2024/Trustwave-Public-Sector-Threat-Landscape-2024.pdf">Public
Sector Threat Landscape</a> (2024) - Analyzes the 2024 public sector
threat landscape, focusing on emerging trends and attack vectors. Key
findings highlight the increasing convergence of IT and OT systems in
critical infrastructure, along with a persistent reliance on easily
exploitable methods like phishing and vulnerable supply chains.</li>
<li><a
href="https://www.trustwave.com/en-us/en-us/resources/library/documents/2024-technology-threat-briefing-and-mitigation-strategies/">Trustwave</a>
- <a
href="Annual%20Security%20Reports/2024/Trustwave-Technology-Sector-Threat-Landscape-2024.pdf">Technology
Sector Threat Landscape</a> (2024) - Analyzes the 2024 technology threat
landscape, focusing on emerging trends and attack vectors. Key findings
highlight the persistent threat of ransomware, the increasing
exploitation of third-party supplier vulnerabilities, and a concerning
prioritization of speed over security in software development.</li>
<li><a
href="https://federalnewsnetwork.com/commentary/2024/10/open-source-intelligence-professionalism-distinguishing-osint-from-pro-sint/">United
States Department of Defense</a> - <a
href="Annual%20Security%20Reports/2024/USDoD-OSINT-Strategy-2024.pdf">OSINT
Strategy 20242028</a> (2024) - Outlines the Department of Defenses
approach to open-source intelligence (OSINT) as a vital resource for
decision-makers and warfighters, emphasizing OSINTs role in enhancing
situational awareness and operational effectiveness.</li>
<li><a
href="https://upstream.auto/reports/global-automotive-cybersecurity-report/">Upstream</a>
- <a
href="Annual%20Security%20Reports/2025/Upstream-Global-Automotive-Cybersecurity-Report-2025.pdf">Global
Automotive Cybersecurity Report</a> (2025) - Analyzes the expanding
cybersecurity gap in the automotive and smart mobility sectors. Key
findings reveal a surge in ransomware attacks in 2024 and the increasing
vulnerability of critical infrastructure due to the proliferation of
smart mobility devices.</li>
<li><a
href="https://www.watchguard.com/wgrd-resource-center/security-report-q1-2025">WatchGuard</a>
- <a
href="Annual%20Security%20Reports/2025/WatchGuard-Threat-Report-2025.pdf">Threat
Report</a> (2025) - Analyzes network and endpoint threat activity
observed across WatchGuard security appliances in Q1 2025. Notable
findings include a 171% spike in network-detected malware per device and
a 712% increase in new, unique endpoint malware samples, signaling a
surge in evasive and novel threats.</li>
<li><a
href="https://www.whitehouse.gov/oncd/briefing-room/2024/05/07/fact-sheet-cybersecurity-posture-report/">United
States White House</a> - <a
href="Annual%20Security%20Reports/2024/Whitehouse-Cybersecurity-Posture-of-the-United-States-2024.pdf">Cybersecurity
Posture of the United States</a> (2024) - Analyzes the cybersecurity
posture of the United States in 2024. Key findings highlight evolving
risks to critical infrastructure, the persistent threat of ransomware,
and the increasing exploitation of supply chains alongside the growing
use of commercial spyware and the implications of artificial
intelligence.</li>
</ul>
<h2 id="application-security">Application Security</h2>
<ul>
<li><a
href="https://www.blackduck.com/resources/analyst-reports/software-vulnerability-trends.html">BlackDuck</a>
- <a
href="Annual%20Security%20Reports/2024/BlackDuck-Software-Vulnerability-Snapshot-Report-2024.pdf">Software
Vulnerability Snapshot Report</a> (2024) - Analyzes the 2024 software
vulnerability landscape, focusing on the top ten vulnerability classes
identified. A significant increase in critical-risk vulnerabilities was
observed across multiple sectors, highlighting the urgent need for
enhanced security testing methodologies.</li>
<li><a
href="https://www.blackduck.com/resources/analyst-reports/open-source-security-risk-analysis.html">Blackduck</a>
- <a
href="Annual%20Security%20Reports/2025/BlackDuck-Open-Source-Risk-Analysis-Report-2025.pdf">Open
Source Risk Analysis Report</a> (2025) - Analyzes open source software
risk, detailing findings related to security vulnerabilities, licensing
issues, and component maintenance based on audit data. Significant
findings reveal open source in nearly all codebases (97%), with a
striking 90% containing components over four years out-of-date and 64%
being untrackable transitive dependencies.</li>
<li><a
href="https://get.chainguard.dev/state-of-hardened-container-images-report">Chainguard</a>
- <a
href="Annual%20Security%20Reports/2024/Chainguard-State-of-Hardened-Container-Images-Report-2024.pdf">State
of Hardened Container Images Report</a> (2024) - Focuses on the security
posture of hardened container images, specifically comparing Red Hat UBI
variants with Chainguard Images. The analysis reveals key differences in
image composition and security practices, highlighting the importance of
digital signatures and SBOM inclusion for mitigating software
vulnerabilities in containerized environments.</li>
<li><a
href="https://digital.ai/resource-center/whitepapers/2025-application-security-threat-report/">DigitalAI</a>
- <a
href="Annual%20Security%20Reports/2025/DigitalAI-Application-Security-Threat-Report-2025.pdf">Application
Security Threat Report</a> (2025) - Quantifies evolving risks in modern
application security. Key findings highlight industry trends, attack
data categorized by industry and OS (Android vs. iOS), and regional
variations in attack rates.</li>
<li><a href="https://escape.tech/the-api-secret-sprawl-2024">Escape</a>
- <a
href="Annual%20Security%20Reports/2024/Escape-State-of-API-Exposure-2024.pdf">State
of API Exposure</a> (2024) - Analyzes API security across Fortune 1000
and CAC 40 companies, uncovering 30,000 exposed APIs and 100,000 API
issues, emphasizing risks in large organizations. Key findings reveal
the pervasive nature of API security issues and the need for improved
security measures.</li>
<li><a
href="https://www.gitguardian.com/state-of-secrets-sprawl-report-2025">GitGuardian</a>
- <a
href="Annual%20Security%20Reports/2025/GitGuardian-State-of-Secrets-Sprawl-2025.pdf">State
of Secrets Sprawl</a> (2025) - Analyzes the prevalence of secrets sprawl
in 2024, focusing on the types of secrets exposed and their locations
within software development lifecycles. Key findings reveal that generic
secrets comprise 58% of all detected leaks, private repositories are
eight times more likely to contain secrets than public ones, and
collaboration tools represent a significantly overlooked source of
exposure.</li>
<li><a
href="https://www.grip.security/saas-security-risks-report-2025">Grip</a>
- <a
href="Annual%20Security%20Reports/2025/Grip-SaaS-Security-Risks-Report-2025.pdf">SaaS
Security Risks Report</a> (2025) - Outlines key security risks
associated with the growing adoption of SaaS applications, including
trends in usage across industries and specific SaaS app statistics. Key
findings reveal a significant increase in shadow SaaS deployments and
the rapid growth of AI-powered tools, posing substantial and largely
unmanaged security risks.</li>
<li><a
href="https://www.kodemsecurity.com/lp/report/appsec/workflows">Kodem</a>
- <a
href="Annual%20Security%20Reports/2025/Kodem-State-of-AppSec-Workflow-2025.pdf">State
of AppSec Workflow</a> (2025) - Analyzes application security workflows,
identifying key bottlenecks and pain points in current practices. The
primary bottleneck is remediation, exacerbated by alert fatigue and
inefficient vulnerability triage, highlighting the need for increased
automation and adaptation to modern development environments.</li>
<li><a
href="https://www.legitsecurity.com/blog/announcing-2025-state-of-application-risk-report">LegitSecurity</a>
- <a
href="Annual%20Security%20Reports/2025/LegitSecurity-State-of-Application-Risk-Report-2025.pdf">State
of Application Risk Report</a> (2025) - Examines the current state of
application risk in 2025, focusing on common vulnerabilities and
security testing inefficiencies. Key findings reveal significant issues
with secrets exposure, AI-related risks, and software supply chain
vulnerabilities, highlighting a need for improved security practices
across the software development lifecycle.</li>
<li><a href="https://www.runzero.com/research-report/">RunZero</a> - <a
href="Annual%20Security%20Reports/2024/RunZero-Research-Report-Vol1-2024.pdf">Research
Report</a> (2024) - Examines a broad range of organizational and network
security issues through an innovative asset-centric approach, with a
focus on “dark matter” in networks, segmentation issues, and unusual
asset detection. Key findings highlight the risks associated with
unusual assets and the resurgence of older threats alongside emerging
vulnerabilities, emphasizing the need for specific AI-driven security
solutions.</li>
<li><a
href="https://content.salt.security/state-api-report.html">Salt</a> - <a
href="Annual%20Security%20Reports/2025/Salt-State-of-API-Security-2025.pdf">State
Of API Security</a> (2025) - Highlights the persistent challenges and
evolving landscape of API security, driven by rapid digital
transformation and cloud migration. Despite widespread API adoption and
a nearly universal encounter with security issues, many organizations
struggle with accurate inventory, real-time monitoring, and robust
posture governance, alongside emerging GenAI-driven risks.</li>
<li><a
href="https://www.sonatype.com/resources/whitepapers/2024-open-source-malware-threat-report">Sonatype</a>
- <a
href="Annual%20Security%20Reports/2024/Sonatype-2024-in-Open-Source-Malware-Report-2024.pdf">Open
Source Malware Threat Report</a> (2024) - Examines the proliferation of
open source malware, or malicious open source packages posing
unprecedented risks in the form of software supply chain attacks. Key
highlights include a 156% year-over-year increase in malicious open
source packages, highlighting the growing threat of intentionally
crafted malware in software supply chain attacks.</li>
<li><a href="https://public.cyber.mil/devsecops/">United States
Department of Defense</a> - <a
href="Annual%20Security%20Reports/2025/USDoD-State-of-DevSecOps-2025.pdf">State
of DevSecOps</a> (2025) - Focuses on the adoption of DevSecOps practices
within the United States Department of Defense. A key finding is the Air
Forces launch of a new software directorate, highlighting a move
towards integrating security earlier in the software development
lifecycle.</li>
<li><a
href="https://www.veracode.com/state-of-software-security-report">Veracode</a>
- <a
href="Annual%20Security%20Reports/2024/Veracode-State-of-Software-Security-Report-2024.pdf">State
of Software Security</a> (2024) - Examines trends in application
security, offering insights into common vulnerabilities, secure
development practices, and strategies for improving software security
throughout the development lifecycle. Key findings reveal a high
incidence of security flaws, slow remediation times, and a correlation
between the number of flaws and application size, highlighting the need
for proactive security measures.</li>
<li><a
href="https://www.wallarm.com/reports/q1-2025-wallarm-api-threatstats-report">Wallarm</a>
- <a
href="Annual%20Security%20Reports/2025/Wallarm-API-Threat-Stats-Report-2025.pdf">API
Threat Stats Report</a> (2025) - Examines API security threats in Q1
2025, focusing on the impact of agentic AI systems and evolving
cloud-native infrastructure. Key findings highlight a rapid increase in
API breaches driven by increasingly sophisticated attack vectors and a
surge in software supply chain vulnerabilities.</li>
<li><a
href="https://www.wiz.io/reports/state-of-code-security-2025">Wiz</a> -
<a
href="Annual%20Security%20Reports/2025/Wiz-State-of-Code-Security-2025.pdf">State
of Code Security</a> (2025) - Examines the security posture of code
repositories and CI/CD pipelines, highlighting the deep connection
between code and cloud environments. It reveals that 61% of
organizations have secrets exposed in public repositories , with GitHub
dominating the VCS landscape but also exhibiting a significantly higher
ratio of public repositories with insecure workflow permissions and weak
branch protection.</li>
</ul>
<h2 id="cloud-security">Cloud Security</h2>
<ul>
<li><a
href="https://censys.com/reports/the-2024-state-of-the-internet-report">Censys</a>
- <a
href="Annual%20Security%20Reports/2024/Censys-State-of-the-Internet-2024.pdf">State
of the Internet</a> (2024) - Analyzes the internet exposure of
Industrial Control Systems (ICS), focusing on the vulnerabilities beyond
simple protocol exposure. Key findings reveal a complex security
landscape where human-machine interface vulnerabilities and outdated
protocols pose significant risks, demanding a more nuanced approach to
ICS security.</li>
<li><a
href="https://inthecloud.withgoogle.com/security-threat-intel/subscribe.html">Google
Cloud</a> - <a
href="Annual%20Security%20Reports/2024/Google-Cloud-Threat-Horizons-Report-H12024.pdf">Threat
Horizons Report</a> (2024) - Analyzes the evolving threat landscape for
cloud enterprise users. Key findings highlight the continued dominance
of cryptomining attacks stemming from misconfigured cloud environments
and the increasing sophistication of ransomware and data theft targeting
cloud-based assets.</li>
<li><a
href="https://www.hornetsecurity.com/us/cyber-security-report/">Hornet</a>
- <a
href="Annual%20Security%20Reports/2025/Hornet-Cybersecurity-Report-2025.pdf">Cybersecurity
Report</a> (2025) - Analyzes the current Microsoft 365 threat landscape,
focusing on email security trends and attack techniques. Key findings
reveal a significant increase in sophisticated attacks utilizing brand
impersonation and malicious attachments, with notable variations in
threat levels across different business sectors.</li>
<li><a
href="https://www.ibm.com/security/data-breach/threat-intelligence/">IBM</a>
- <a
href="Annual%20Security%20Reports/2024/IBM-X-Force-Cloud-Threat-Landscape-Report-2024.pdf">X-Force
Cloud Threat Landscape Report</a> (2024) - Analyzes the evolving cloud
threat landscape and its impact across various industries. Key findings
reveal a significant increase in cloud-based attacks targeting SaaS
platforms and a concerning rise in security rule failures within cloud
environments.</li>
<li><a
href="https://sysdig.com/2025-cloud-native-security-and-usage-report/">Sysdig</a>
- <a
href="Annual%20Security%20Reports/2025/Sysdig-Cloud-Native-Security-Report-2025.pdf">Cloud
Native Security and Usage Report</a> (2025) - Analyzes cloud-native
security trends and usage patterns in 2025. Key findings reveal a
significant increase in the adoption of runtime security tools and a
growing focus on securing AI/ML workloads, alongside persistent
challenges in managing identities across human and machine
interactions.</li>
<li><a
href="https://www.wiz.io/reports/cloud-data-security-report-2025">Wiz</a>
- <a
href="Annual%20Security%20Reports/2025/Wiz-Cloud-Data-Security-Snapshot-2025.pdf">Cloud
Data Security Snapshot</a> (2025) - Analyzes current cloud data security
exposure trends. A significant finding reveals that 54% of cloud
environments have exposed assets containing sensitive data, highlighting
the critical need for improved access controls and vulnerability
management.</li>
<li><a href="https://www.wiz.io/state-of-ai-in-the-cloud">Wiz</a> - <a
href="Annual%20Security%20Reports/2025/Wiz-State-of-AI-in-the-Cloud-2025.pdf">State
of AI in the Cloud</a> (2025) - Analyzes the current state of AI in
cloud environments, focusing on adoption rates, security challenges, and
governance issues. Key findings reveal DeepSeeks rapid growth and the
continued dominance of OpenAI, alongside a rising trend of self-hosted
AI deployments and stabilized adoption of AI managed services.</li>
</ul>
<h2 id="vulnerabilities">Vulnerabilities</h2>
<ul>
<li><a
href="https://www.beyondtrust.com/resources/whitepapers/microsoft-vulnerability-report">BeyondTrust</a>
- <a
href="Annual%20Security%20Reports/2024/BeyondTrust-Microsoft-Vulnerability-Report-2024.pdf">Microsoft
Vulnerability Report</a> (2024) - Analyzes the vulnerability landscape
within the Microsoft software ecosystem in 2024. Key findings reveal a
concerning rise in identity-based attacks targeting Microsoft products,
alongside persistent vulnerabilities in legacy applications like
Internet Explorer.</li>
<li><a
href="https://get.chainguard.dev/cost-of-cves-2025-report">Chainguard</a>
- <a
href="Annual%20Security%20Reports/2025/Chainguard-The-Cost-of-CVEs-2025.pdf">The
Cost of CVEs</a> (2025) - Aanalyzes the financial impact of CVE
management on organizations using containerized environments. Key
findings indicate that mid-market organizations can unlock significant
value through decreased risk ($2.8M), increased revenue ($2.2M), and
faster innovation ($3.3M) by improving their CVE management practices
and compliance.</li>
<li><a href="https://www.edgescan.com/stats-report/">Edgescan</a> - <a
href="Annual%20Security%20Reports/2025/Edgescan-Vulnerability-Statistics-Report-2025.pdf">Vulnerability
Statistics Report</a> (2025) - Provides a statistical analysis of
full-stack security and vulnerability trends across diverse
organizations based on 2024 data. Key insights reveal a record 40,009
CVEs published and a 20% increase in publicly exploited vulnerabilities
in 2024, highlighting persistent challenges in patching and the critical
exposure of internal systems.</li>
<li><a
href="https://info.flexera.com/SVM-REPORT-Annual-Vulnerability-Review">Flexera</a>
- <a
href="Annual%20Security%20Reports/2024/Flexera-Annual-Vulnerability-Review-2024.pdf">Annual
Vulnerability Review</a> (2024) - Provides software vulnerability trends
and threat intelligence from 2024. Key findings highlight the
criticality of advisories and their impact, along with an examination of
advisory rejection rates and the prevalence of vulnerabilities across
various assets.</li>
<li><a
href="https://go.synack.com/state-of-vulnerabilities-2024">Synack</a> -
<a
href="Annual%20Security%20Reports/2024/Synack-State-of-Vulnerabilities-Report-2024.pdf">State
of Vulnerabilities Report</a> (2024) - Analyzes trends in software
vulnerabilities affecting large enterprises and government agencies. Key
findings reveal a 180% surge in real-world vulnerability exploitation
across five industries (healthcare, financial services, U.S. federal
government, technology and manufacturing).</li>
<li><a
href="https://www.trustwave.com/en-us/resources/library/documents/2024-trustwave-risk-radar-report-financial-services-sector/">Trustwave</a>
- <a
href="Annual%20Security%20Reports/2024/Trustwave-Financial-Services-Risk-Radar-Report-2024.pdf">Financial
Services Risk Radar Report</a> (2024) - Highlights the evolving threat
landscape for the financial services sector in 2024. Key trends include
the increasing prevalence of insider threats, the mainstream adoption of
phishing-as-a-service, and the continued targeting of financial
institutions by ransomware groups, alongside the emergence of new
threats from cryptocurrency and deepfakes.</li>
</ul>
<h2 id="ransomware">Ransomware</h2>
<ul>
<li><a
href="https://www.guidepointsecurity.com/resources/grit-2025-ransomware-and-cyber-threat-report/">Guidepoint</a>
- <a
href="Annual%20Security%20Reports/2025/Guidepoint-Ransomware-Annual_Report-2025.pdf">GRIT
Ransomware Annual Report</a> (2025) - Analyzes ransomware and cyber
threat trends in 2025, focusing on ransomware taxonomy, threat actors,
and impacted industries. Key findings include an in-depth look at the
RansomHub threat actor and a spotlight on critical infrastructure
vulnerabilities, along with an analysis of post-compromise detection
methods.</li>
<li><a
href="https://unit42.paloaltonetworks.com/unit-42-ransomware-leak-site-data-analysis/">PaloAlto</a>
- <a
href="Annual%20Security%20Reports/2024/PaloAlto-Ransomware-Review-2024.pdf">Ransomware
Review</a> (2024) - Analyzes ransomware trends during the first half of
2024. Key findings include the impact of law enforcement takedowns on
various threat groups, the emergence of fraudulent activities by some
groups post-takedown, and the observed retirement or transition of
several significant players.</li>
<li><a
href="https://www.veeam.com/resources/wp-2024-ransomware-trends-executive-summary-global.html">Veeam</a>
- <a
href="Annual%20Security%20Reports/2024/Veeam-Ransomware-Trends-2024.pdf">Ransomware
Trends Report</a> (2024) - Analyzes global ransomware trends in 2024,
focusing on recovery challenges and the impact of attacks beyond ransom
payments. Key findings reveal that 67% of organizations lack a recovery
plan, highlighting a significant vulnerability and the substantial,
underestimated costs associated with ransomware incidents.</li>
<li><a
href="https://www.zscaler.com/campaign/threatlabz-ransomware-report">Zscaler</a>
- <a
href="Annual%20Security%20Reports/2024/Threatlabz-Ransomware-Report-2024.pdf">ThreatLabz
State of Ransomware Report</a> (2024) - A comprehensive analysis of
global ransomware trends, examining attack techniques, ransom demands,
and strategies for preventing and mitigating ransomware attacks.</li>
</ul>
<h2 id="data-breaches">Data Breaches</h2>
<ul>
<li><a href="https://www.cyentia.com/iris2025/">Cyentia</a> - <a
href="Annual%20Security%20Reports/2025/Cyentia-Information-Risk-Insights-Study-2025.pdf">Information
Risk Insights Study</a> (2025) - Analyzes incident probability and the
increasing risks associated with third-party relationships. A key
finding is that incident probability has almost quadrupled in the last
15 years, driven in part by threat actors exploiting trusted
relationships with external service providers to compromise target
organizations.</li>
<li><a href="https://www.ibm.com/security/data-breach">IBM</a> - <a
href="Annual%20Security%20Reports/2024/IBM-Cost-of-a-Data-Breach-Report-2024.pdf">Cost
of a Data Breach Report</a> (2024) - Analyzes the financial impact of
data breaches in 2024, detailing costs associated with various attack
vectors and recovery efforts. Key findings reveal a significant increase
in the average cost of a breach, driven primarily by extortion attacks
and prolonged recovery times.</li>
<li><a
href="https://www.verizon.com/business/resources/reports/dbir/">Verizon</a>
- <a
href="Annual%20Security%20Reports/2025/Verizon-Data-Breach-Investigations-Report-2025.pdf">Data
Breach Investigations Report</a> (2025) - Analyzes data breach trends
and patterns from 2025. Key findings reveal a significant increase in
social engineering attacks and a persistent reliance on easily
exploitable web application vulnerabilities, highlighting the need for
improved employee security awareness training and robust application
security measures.</li>
<li><a
href="https://www.idtheftcenter.org/publication/2024-data-breach-report/">Identity
Theft Resource Center</a> - <a
href="Annual%20Security%20Reports/2024/ITRC-Annual-Data-Breach-Report-2024.pdf">Annual
Data Breach Report</a> (2024) - Analyzes 2024 data breaches, focusing on
trends in identity theft and compromise notifications. Key findings
reveal a continued high volume of breaches across various sectors, with
little impact observed from current data disclosure requirements.</li>
</ul>
<h2 id="physical-security">Physical Security</h2>
<ul>
<li><a
href="https://www.genetec.com/a/physical-security-report">Genetec</a> -
<a
href="Annual%20Security%20Reports/2025/Genetec-State-of-Physical-Security-2025.pdf">State
of Physical Security</a> (2025) - Analyzes the current state of physical
security, focusing on global trends and challenges in 2025. Key findings
reveal persistent recruiting difficulties, fluctuating budgets impacting
project timelines, and the growing influence of IT in physical security
decisions alongside increasing cloud adoption.</li>
<li><a
href="https://www.securityindustry.org/report/security-megatrends-the-2025-vision-for-the-security-industry/">Security
Industry Association</a> - <a
href="Annual%20Security%20Reports/2025/SIA-Security-Megatrends-2025.pdf">Security
Megatrends</a> (2025) - This report outlines eight key security
megatrends for 2025. Significant trends highlighted include the
increasing importance of AI-driven security automation, the convergence
of IT and OT security, and the democratization of identity and mobile
credentials.</li>
<li><a
href="https://www.nozominetworks.com/ot-iot-cybersecurity-trends-insights-february-2025">Nozomi</a>
- <a
href="Annual%20Security%20Reports/2025/Nozomi-Networks-OT-IoT-Security-Report-2025.pdf">Networks
OT IoT Security Report</a> (2025) - Analyzes operational technology (OT)
and internet of things (IoT) cybersecurity trends in the second half of
2024. Key findings reveal a significant increase in sophisticated
attacks targeting industrial control systems, highlighting the growing
need for robust security measures in critical infrastructure.</li>
<li><a
href="https://www.trustwave.com/en-us/resources/library/documents/2025-trustwave-spiderlabs-research-navigating-cybersecurity-threats-in-manufacturing-complimentary-reports">Trustwave</a>
- <a
href="Annual%20Security%20Reports/2025/Trustwave-Manufacturing-Risk-Radar-Report-2025.pdf">Manufacturing
Risk Radar Report</a> (2025) - Analyzes the evolving threat landscape
for the manufacturing sector in 2025. Key findings highlight the
increasing convergence of IT and OT systems, a persistent rise in
ransomware attacks, and the need for enhanced security measures across
all attack stages.</li>
</ul>
<h2 id="ai-and-emerging-technologies">AI and Emerging Technologies</h2>
<ul>
<li><a
href="https://www.aicd.com.au/innovative-technology/digital-business/artificial-intelligence/governance-of-ai.html">Australian
Institute of Company Directors</a> - <a
href="Annual%20Security%20Reports/2024/AICD-Directors-Introduction-to-AI-2024.pdf">Directors
Introduction to AI</a> (2024) - Provides an overview of artificial
intelligence tailored for directors, highlighting its strategic
implications, governance considerations, and best practices for AI
implementation in organizations.</li>
<li><a
href="https://www.okta.com/resources/whitepaper-the-secure-sign-in-trends-report/">Okta</a>
- <a
href="Annual%20Security%20Reports/2024/Okta-Secure-Sign-in-Trends-Report-2024.pdf">Secure
Sign in Trends Report</a> (2024) - Analyzes multi-factor authentication
(MFA) adoption trends and authenticator usage. Key findings reveal
variations in adoption rates across regions, industries, and
organization sizes, with specific insights into the security and
usability of different authenticator types.</li>
<li><a
href="https://www.zimperium.com/global-mobile-threat-report/">Zimperium</a>
- <a
href="Annual%20Security%20Reports/2024/Zimperium-Global-Mobile-Threat-Report-2024.pdf">Global
Mobile Threat Report</a> (2024) - Analyzes the global mobile threat
landscape and the increasing prevalence of mobile-first attack
strategies. Key findings reveal a surge in mobile phishing (mishing)
attacks targeting specific industries, alongside the growing danger of
malicious sideloaded applications and sophisticated mobile malware.</li>
<li><a
href="https://info.zscaler.com/resources-industry-reports-public-sector-Insights-threatlabz-ai-security-2024">Zscaler</a>
- <a
href="Annual%20Security%20Reports/2024/Threatlabz-AI-Security-Report-2024.pdf">ThreatLabz
AI Security Report</a> (2024) - Analyzes enterprise AI adoption trends
and associated security risks. Key findings reveal a dramatic increase
in AI transactions, alongside a corresponding rise in blocked
transactions, highlighting the growing need for robust AI security
measures across various industries.</li>
</ul>
<h2 id="survey-reports">Survey Reports</h2>
<h2 id="industry-trends">Industry Trends</h2>
<ul>
<li><a
href="https://www.accenture.com/us-en/insights/security/state-cybersecurity-2025">Accenture</a>
- <a
href="Annual%20Security%20Reports/2025/Accenture-State-of-Cybersecurity-2025.pdf">State
of Cybersecurity Resilience</a> (2025) - Analyzes the widening gap
between AI adoption and cybersecurity maturity across global
enterprises. Key findings reveal only 13% of organizations possess
advanced capabilities to defend against AI-driven threats, while just
10% have reached a proactive security posture that significantly reduces
attack risk and technical debt.</li>
<li><a
href="https://www.aon.com/en/insights/reports/2024-intangible-versus-tangible-risks-comparison-report">Aon</a>
- <a
href="Annual%20Security%20Reports/2024/Aon-Intangible-vs-Tangible-Risk-Report-2024.pdf">Intangible
vs. Tangible Risk Report</a> (2024) - Analyzes the evolving risks
associated with intangible assets like AI and intellectual property (IP)
in the context of cybersecurity. Key findings reveal that generative AI
and cybersecurity are top CEO concerns, and new AI regulations may
inadvertently increase litigation related to intellectual property
rights.</li>
<li><a
href="https://www.comptia.org/content/research/cybersecurity-trends-research">CompTIA</a>
- <a
href="Annual%20Security%20Reports/2025/Comptia-State-of-Cybersecurity-2025.pdf">State
of Cybersecurity</a> (2025) - Analyzes the current state of
cybersecurity, focusing on organizational priorities, incident impact,
and workforce development needs. Key findings reveal that cybersecurity
is a high priority for 59% of organizations, yet 56% experienced
significant incident impact, highlighting a critical skills gap and the
growing influence of generative AI on cybersecurity strategies.</li>
<li><a
href="https://www.deloitte.com/global/en/services/risk-advisory/content/future-of-cyber.html">Deloitte</a>
- <a
href="Annual%20Security%20Reports/2024/Deloitte-Future-of-Cyber-Survey-2024.pdf">Future
of Cyber Survey</a> (2024) - Explores the evolving role of cybersecurity
in driving strategic business value. Key findings reveal a growing
influence of CISOs within the C-suite and a deepening integration of
cybersecurity into technology-driven business programs.</li>
<li><a
href="https://www.ferma.eu/publication/global-risk-manager-survey-report-2024/">FERMA</a>
- <a
href="Annual%20Security%20Reports/2024/FERMA-Global-Risk-Manager-Survey-Report-2024.pdf">Global
Risk Manager Survey Report</a> (2024) - Analysis of global risk
management practices across 77 countries and six regional associations.
Key findings reveal a significantly increased focus on corporate
strategy integration and the growing maturity of enterprise risk
management models, particularly concerning sustainability risks.</li>
<li><a
href="https://www.isc2.org/landing/Cyberthreat-Defense-Report">ISC2</a>
- <a
href="Annual%20Security%20Reports/2024/ISC2-Cyberthreat-Defense-Report-2024.pdf">Cyberthreat
Defense Report</a> (2024) - Examines the current state of cyberthreat
defense, including emerging threats and defense strategies across
various industries. Key findings reveal a persistent skills shortage
alongside growing concerns about AIs dual impact on cybersecurity, both
enhancing defenses and creating new attack vectors.</li>
<li><a
href="https://www.knowbe4.com/security-culture-research-report">KnowBe4</a>
- <a
href="Annual%20Security%20Reports/2024/KnowBe4-Cybersecurity-Culture-Report-2024.pdf">Cybersecurity
Culture Report</a> (2024) - Explores the state of cybersecurity culture
in organizations, highlighting trends and best practices across
different sectors. Key findings indicates Security culture greatly
varies across the world, indicating a siloed approach is not
sustainable. problem in our fully connected world</li>
<li><a
href="https://konghq.com/resources/reports/api-security-ai-threats-it-leader-insights-2025">Kong</a>
- <a
href="Annual%20Security%20Reports/2025/Kong-API-Security-Perspectives-2025.pdf">API
Security Perspectives</a> (2025) - Outlines the growing threat of
AI-enhanced attacks on APIs and emphasizes the need for robust API
security measures and the rising risks associated with these new types
of threats.</li>
<li><a
href="https://us.norton.com/blog/emerging-threats/threat-report-q2-2024">Norton</a>
- <a
href="Annual%20Security%20Reports/2024/Norton-Cyber-Safety-Insights-Report-2024.pdf">Cyber
Safety Insights Report</a> (2024) - Provides insights into consumer
cyber safety trends and challenges across various industries. Key
findings reveal that one in four users have been targeted by dating
scams, and nearly one-third have experienced catfishing, highlighting
the significant prevalence of online dating fraud.</li>
<li><a
href="https://go.proofpoint.com/Voice-of-the-CISO-Report.html">Proofpoint</a>
- <a
href="Annual%20Security%20Reports/2024/Proofpoint-Voice-of-the-CISO-Report-2024.pdf">Voice
of the CISO Report</a> (2024) - Insights into the perspectives and
challenges faced by Chief Information Security Officers across different
sectors. Key findings reveal persistent concerns around human error and
insider threats, coupled with growing confidence in navigating evolving
cybersecurity landscapes.</li>
<li><a
href="https://www.pwc.com/us/en/services/consulting/cybersecurity-risk-regulatory/library/global-digital-trust-insights.html">PwC</a>
- <a
href="Annual%20Security%20Reports/2024/PWC-Global-Digital-Trust-Insights-Report-2024.pdf">Global
Digital Trust Insights</a> (2024) - Examines global trends in digital
trust and cybersecurity across various industries. Key findings reveal
cloud security as a top concern despite significant investment,
highlighting a persistent gap in effective management and the increasing
importance of generative AI in cyber defense.</li>
<li><a
href="https://content.salt.security/OstermanReport_LP.html">Salt</a> -
<a
href="Annual%20Security%20Reports/2025/Salt-CISO-and-CIO-Investment-Priorities-2025.pdf">CISO
and CIO Investment Priorities</a> (2025) - Surveys key cybersecurity
investment priorities for CISOs and CIOs in 2025, as detailed in a white
paper by Osterman Research and sponsored by Salt Security. Key findings
highlight shifts in priorities based on evolving threat landscapes and
increased focus on incident response and proactive security
measures.</li>
<li><a
href="https://www.splunk.com/en_us/resources/sans-2024-threat-hunting-survey.html">SANS</a>
- <a
href="Annual%20Security%20Reports/2024/SANS-Cyber-Threat-Hunting-Survey-2024.pdf">SANS
Cyber Threat Hunting Survey</a> (2024) - Provides insights into the
current state of cyber threat hunting across different sectors. Key
findings reveal shifts in attacker tactics, techniques, and procedures
(TTPs), along with variations in methodologies and organizational
approaches to threat hunting.</li>
<li><a
href="https://www.splunk.com/en_us/campaigns/state-of-security.html">Splunk</a>
- <a
href="Annual%20Security%20Reports/2025/Splunk-State-of-Security-2025.pdf">State
Of Security</a> (2025) - Examines the evolving challenges and future
strategies for Security Operations Centers (SOCs). Highlights that
inefficiencies, primarily from excessive tool maintenance and alert
overload, significantly hinder operations, while AI is becoming a key
driver for efficiency despite prevalent trust concerns.</li>
<li><a href="https://www.vanta.com/state-of-trust">Vanta</a> - <a
href="Annual%20Security%20Reports/2024/Vanta-State-of-Trust-Report-2024.pdf">State
of Trust Report</a> (2024) - Explores the growing challenges in building
and maintaining trust for organizations, focusing on security risks,
compliance burdens, and the increasing third-party vendor risks. Key
findings reveal the increasing difficulty of managing compliance
burdens, third-party risks, and the impact of AI adoption on security
posture.</li>
<li><a
href="https://www.verizon.com/business/resources/reports/mobile-security-index/">Verizon</a>
- <a
href="Annual%20Security%20Reports/2024/Verizon-Mobile-Security-Index-2024.pdf">Mobile
Security Index</a> (2024) - Provides insights into mobile and IoT
security risks, focusing on their amplified impact within critical
infrastructure sectors. Key findings reveal a widespread perception of
increased risk across all sectors, with significantly higher breach
risks and impacts observed in critical infrastructure due to high IoT
usage.</li>
<li><a
href="https://www.weforum.org/publications/global-cybersecurity-outlook-2025/">World
Economic Forum</a> - <a
href="Annual%20Security%20Reports/2025/WEF-Global-Cybersecurity-Outlook-2025.pdf">Global
Cybersecurity Outlook</a> (2025) - Provides a global perspective on
cybersecurity trends and challenges exploring the impact of emerging
technologies, geopolitical tensions, and cybercrime. Key findings reveal
a growing complexity in cyberspace, driven by increased digitalization
and interconnectedness, necessitating proactive and adaptive security
strategies.</li>
</ul>
<h2 id="application-security-1">Application Security</h2>
<ul>
<li><a
href="https://www.blackduck.com/resources/analyst-reports/state-of-devsecops.html">BlackDuck</a>
- <a
href="Annual%20Security%20Reports/2024/BlackDuck-Global-State-of-DevSecOps-2024.pdf">Global
State of DevSecOps</a> (2024) - Provides insights into the current state
of DevSecOps, focusing on the impact of AI-assisted coding and evolving
security testing practices. Key findings reveal a significant shift
towards AI-driven security testing, alongside challenges in effectively
interpreting and acting upon resulting security test data.</li>
<li><a
href="https://info.checkmarx.com/future-of-application-security-2024">Checkmarx</a>
- <a
href="Annual%20Security%20Reports/2024/Checkmarx-Future-of-Application-Security-2024.pdf">Future
of Application Security</a> (2024) - Analyizes the current state of
application security and the challenges organizations face. Key findings
reveal a growing disconnect between the increasing complexity of
applications and the resources dedicated to securing them, highlighting
the urgent need for a comprehensive “code-to-cloud” security
approach.</li>
<li><a
href="https://info.checkmarx.com/supply-chain-survey">Checkmarx</a> - <a
href="Annual%20Security%20Reports/2024/Checkmarx-State-of-Software-Supply-Chain-Security-2024.pdf">State
of Software Supply Chain Security</a> (2024) - Provides insights into
current trends in supply chain threats across industries such as banking
and finance, insurance, software, technology, engineering,
manufacturing, industrial, and public sector. Key findings reveal a
significant reliance on Software Composition Analysis (SCA) as a
foundational element, while the adoption of Software Bill of Materials
(SBOMs) and broader interdisciplinary SSCS programs lags behind.</li>
<li><a href="https://cycode.com/state-of-aspm-2025/">Cycode</a> - <a
href="Annual%20Security%20Reports/2025/Cycode-State-of-Application-Security-Posture-Management-2025.pdf">State
of Application Security Posture Management</a> (2025) - Examines
application security challenges and strategies from the perspectives of
CISOs, AppSec Directors, and DevSecOps managers across the UK, US, and
Germany. Key findings reveal inefficiencies strain the relationship
between security and development teams, eroding trust and hindering
productivity.</li>
<li><a href="https://snyk.io/lp/state-of-open-source-2024">Snyk</a> - <a
href="Annual%20Security%20Reports/2024/Snyk-State-of-Open-Source-Security-2024.pdf">State
of Open Source Security</a> (2024) - Examines the current state of open
source security, including trends and challenges across various
industries. Key findings indicate a plateau in OSS security
improvements, with concerning declines in several key areas such as
dependency tracking and a lack of significant year-over-year progress in
supply chain security maturity.</li>
<li><a
href="https://www.traceable.ai/2025-state-of-api-security">Traceable</a>
- <a
href="Annual%20Security%20Reports/2025/Traceable-Global-State-of-API-Security-2025.pdf">Global
State of API Security</a> (2025) - Annual survey gathering insights from
1,548 respondents across 100+ countries on the state of API security.
Key findings reveal a persistent increase in API-related breaches, the
inadequacy of traditional security solutions, and the growing risk posed
by bot attacks and the integration of generative AI.</li>
</ul>
<h2 id="cloud-security-1">Cloud Security</h2>
<ul>
<li><a
href="https://www.crowdstrike.com/en-us/resources/reports/frost-sullivan-recognizes-adaptive-shield-saas-security-innovation/">Crowdstrike</a>
- <a
href="Annual%20Security%20Reports/2025/Crowdstrike-SaaS-Security-Posture-Management-2025.pdf">SaaS
Security Posture Management</a> (2025) - Analyizes the 2024 SaaS
Security Posture Management market, benchmarking companies innovation
and growth potential. Key findings highlight a competitive landscape
with significant growth opportunities and best practices for companies
seeking to improve their security posture.</li>
<li><a
href="https://www.fortinet.com/resources/reports/cloud-security">Fortinet</a>
- <a
href="Annual%20Security%20Reports/2025/Fortinet-Cloud-Security-Report-2025.pdf">Cloud
Security Report</a> (2025) - Examines the state of cloud security,
focusing on deployment strategies, multi-cloud adoption, and prevalent
security concerns. Key findings reveal low confidence in real-time
threat detection and a persistent cybersecurity skills gap, highlighting
the need for increased investment and improved security practices.</li>
<li><a
href="https://cloud.google.com/security/resources/cybersecurity-forecast">Google</a>
- <a
href="Annual%20Security%20Reports/2025/Google-Cybersecurity-Forecast-2025.pdf">Cybersecurity
Forecast 2025</a> (2025) - Insights from Google Cloud leaders on
emerging cybersecurity trends. Key predictions include the continued
rise of ransomware and multifaceted extortion, the increasing use of AI
by attackers, and the persistent threat from state-sponsored actors like
China, Russia, Iran, and North Korea.</li>
<li><a
href="https://cloud.connect.isc2.org/cloud-security-report">ISC2</a> -
<a
href="Annual%20Security%20Reports/2024/ISC2-Cloud-Security-Report-2024.pdf">Cloud
Security Report</a> (2024) - Provides insights into 2024 cloud security
trends and challenges, focusing on multi-cloud environments and the
adoption of DevSecOps. Key findings reveal significant barriers to
advancing cloud maturity, particularly regarding skills gaps and the
complexities of streamlining cloud compliance across multiple
platforms.</li>
<li><a
href="https://www.paloaltonetworks.com/state-of-cloud-native-security">PaloAlto</a>
- <a
href="Annual%20Security%20Reports/2024/PaloAlto-State-of-Cloud-Native-Security-2024.pdf">State
of Cloud Native Security Report</a> (2024) - Examines the current state
of cloud-native security, including trends, challenges, and best
practices across different sectors. Key findings include significant law
enforcement actions against several prominent ransomware groups,
resulting in arrests, takedowns, and the apparent retirement of some
actors, alongside the emergence of new groups and fraudulent
activities.</li>
<li><a
href="https://www.sonatype.com/state-of-the-software-supply-chain/introduction">Sonatype</a>
- <a
href="Annual%20Security%20Reports/2024/Sonatype-State-of-Cloud-Security-2024.pdf">State
of Cloud Security Report</a> (2024) - Provides insights into the state
of cloud security and software supply chain management across different
sectors. Key findings highlight the increasing sophistication of attacks
leveraging shadow downloads to bypass repository managers and the
significant number of compromised packages discovered.</li>
</ul>
<h2 id="identity-security">Identity Security</h2>
<ul>
<li><a
href="https://astrix.security/learn/whitepapers/the-state-of-non-human-identity-security/">Astrix</a>
- <a
href="Annual%20Security%20Reports/2024/Astrix-The-State-of-Non-Human-Identity-Security-2024.pdf">State
of Non Human Identity</a> (2024) - Highlights growing concerns over
non-human identities as attack vectors, limited automation and
visibility into API and third-party connections. Key findings reveal low
confidence in preventing NHI-based attacks, coupled with significant
challenges in managing basic security controls like permissions and API
keys, highlighting a critical need for improved NHI security
practices.</li>
<li><a
href="https://www.conductorone.com/resources/2024-identity-security/">ConductorOne</a>
- <a
href="Annual%20Security%20Reports/2024/ConductorOne-Identity-Security-Outlook-Report-2024.pdf">Identity
Security Outlook Report</a> (2024) - Highlights how increasing
technological and organizational complexity are driving new identity
risks. Key findings reveal increasing budgets for identity and access
management, coupled with a growing adoption of zero standing privileges
to mitigate escalating identity-based threats.</li>
<li><a href="https://www.cyberark.com/threat-landscape/">CyberArk</a> -
<a
href="Annual%20Security%20Reports/2024/CyberArk-Identity-Security-Threat-Landscape-2024.pdf">Identity
Security Threat Landscape Report</a> (2024) - Examines the impact of
cyberattacks on identity, including cyber debt, GenAI, machine
identities, and third- and fourth-party risks. Key findings reveal a
growing “cyber debt” fueled by these factors, highlighting the need for
proactive security strategies.</li>
<li><a
href="https://www.cyberark.com/state-of-machine-identity-security-report/">CyberArk</a>
- <a
href="Annual%20Security%20Reports/2025/CyberArk-State-of-Machine-Identity-Security-Report-2025.pdf">State
of Machine Identity Security Report</a> (2025) - Focuses on the critical
and often-overlooked area of machine identity security. Key findings
reveal that a significant percentage of organizations are concerned
about risks stemming from compromised machine identities (37%) and
expired certificates (36%), highlighting a lack of visibility and
control over secrets management.</li>
<li><a
href="https://www.hypr.com/resources/report-state-of-passwordless">Hypr</a>
- <a
href="Annual%20Security%20Reports/2025/Hypr-State-of-Passwordless-Identity-Assurance-2025.pdf">State
of Passwordless Identity Assurance</a> (2025) - Focuses on the adoption
and impact of passwordless identity assurance. Key findings indicate a
growing momentum for passwordless authentication in the enterprise, with
usage increasing by 10% compared to the previous year.</li>
<li><a
href="https://www.idsalliance.org/white-paper/2024-trends-in-securing-digital-identities/">IDS
Alliance</a> - <a
href="Annual%20Security%20Reports/2024/IDSA-Trends-in-Identity-Security-2024.pdf">2024
Trends in Securing Digital Identities</a> (2024) - Provides insights
into current plans, historical trends, and approaches to cybersecurity
and identity management. Key research found that 22% of businesses see
managing and securing digital identities as the number one priority of
their security program, up from 17% in 2023.</li>
<li><a
href="https://www.manageengine.com/privileged-access-management/identity-threat-and-security-report-2024.html">ManageEngine</a>
- <a
href="Annual%20Security%20Reports/2024/ManageEngine-Identity-Security-Insights-2024.pdf">Identity
Security Survey</a> (2024) - Explores global identity security readiness
across industries and roles, examining the rising tide of AI-driven
phishing, social engineering, and credential theft. Key findings reveal
a significant gap between perceived and actual IT ecosystem visibility
and control, highlighting the urgent need for improved identity security
posture across organizations.</li>
<li><a
href="https://omadaidentity.com/resources/analyst-reports/state-of-iga/">Omada</a>
- <a
href="Annual%20Security%20Reports/2025/Omada-State-of-Identity-Governance-2025.pdf">State
Of Identity Governance</a> (2025) - Focuses on the state of identity
governance in large organizations, leveraging insights from a survey of
IT and business leaders. Despite increased cybersecurity funding,
organizations struggle with high IGA total cost of ownership and
persistent excessive access permissions, driving a demand for modern
cloud-based, AI-driven solutions to automate manual processes.</li>
<li><a
href="https://orca.security/lp/2025-state-of-cloud-security-report/">Orca</a>
- <a
href="Annual%20Security%20Reports/2025/Orca-State-of-Cloud-Security-2025.pdf">State
of Cloud Security Report</a> (2025) - Analyzes security challenges in
multi-cloud environments, with a focus on AI risk, data exposure, and
neglected assets. Key findings reveal that 62% of organizations have at
least one vulnerable AI package, 38% expose sensitive databases to the
public, and 13% possess a single asset with over 1,000 potential attack
paths.</li>
<li><a
href="https://pushsecurity.com/resources/2024-identity-attacks">PushSecurity</a>
- <a
href="Annual%20Security%20Reports/2024/PushSecurity-Identity-Attacks-2024.pdf">Identity
Attacks</a> (2024) - Highlights that 2024 is seeing a rise in
identity-based attacks, as attackers increasingly target vulnerable
identities now that identity has become the new security perimeter. Key
findings reveal a significant increase in account takeovers via
exploited identities, highlighting the evolving attack landscape and the
substantial financial gains for perpetrators.</li>
<li><a
href="https://www.sailpoint.com/identity-security-adoption">SailPoint</a>
- <a
href="Annual%20Security%20Reports/2024/SailPoint-Horizons-of-Identity-Security-2024.pdf">Horizons
of Identity Security</a> (2024) - Explores the evolving landscape of
identity security, emphasizing its role in mitigating cyber risks while
enhancing business value and productivity. Key findings highlight the
potential for strategic investments to improve security posture and
deliver higher returns, particularly among organizations demonstrating
advanced maturity levels.</li>
<li><a
href="https://www.semperis.com/ransomware-holiday-risk-report/">Semperis</a>
- <a
href="Annual%20Security%20Reports/2024/Semperis-Ransomware-Holiday-Risk-Report-2024.pdf">Ransomware
Holiday Risk Report</a> (2024) - Focuses on the increased risk of
ransomware attacks during holidays and times of corporate upheaval. A
key finding indicates that 63% of organizations experiencing corporate
upheaval also experienced a ransomware attack, highlighting the
opportunistic nature of threat actors.</li>
<li><a
href="https://www.semperis.com/ransomware-risk-report/">Semperis</a> -
<a
href="Annual%20Security%20Reports/2024/Semperis-Ransomware-Risk-Report-2024.pdf">Ransomware
Risk Report</a> (2024) - Analyzes the future challenges and next steps
organizations are planning to take in response to the current
cybersecurity landscape. A key finding is that despite the significant
damage caused by ransomware, only 29% of surveyed organizations plan to
increase their security budgets in the next year, with notable
variations across countries (US: 28%, UK: 45%).</li>
<li><a
href="https://www.varonis.com/blog/the-identity-crisis-research-report">Varonis</a>
- <a
href="Annual%20Security%20Reports/2024/Varonis-The-Identity-Crisis-2024.pdf">The
Identity Crisis</a> (2024) - Analyzes the prevalence of cyberattacks in
2024, focusing on the crucial role of stolen identities. The report
reveals that credential stuffing and similar methods are the most common
attack vectors, enabling attackers to maintain undetected access for
extended periods to exploit vulnerabilities and exfiltrate sensitive
data.</li>
</ul>
<h2 id="penetration-testing">Penetration Testing</h2>
<ul>
<li><a
href="https://www.bugcrowd.com/resources/report/the-total-economic-impact-of-bugcrowd-managed-bug-bounty/">Bugcrowd</a>
- <a
href="Annual%20Security%20Reports/2024/Forrester-The-Total-Economic-Impact-Of-Bugcrowd-Managed-BugBounty-2024.pdf">The
Total Economic Impact Of Bugcrowd Managed Bug Bounty</a> (2024) -
Analyzes the economic benefits and impacts of Bugcrowds managed bug
bounty programs, supported by data-driven insights from Forrester. Key
findings reveal significant cost savings through early vulnerability
detection and remediation, exceeding the programs cost by a substantial
margin.</li>
<li><a
href="https://resource.cobalt.io/state-of-pentesting-2025">Cobalt</a> -
<a
href="Annual%20Security%20Reports/2025/Cobalt-State-of-Pentesting-2025.pdf">State
of Pentesting</a> (2025) - Offers an overview of the current state of
penetration testing, including trends, challenges, and best practices
across various industries. A key finding reveals a significant increase
in manual penetration testing alongside the emergence of AI-driven
attacks and vulnerabilities, necessitating a refined pentesting maturity
model.</li>
<li><a
href="https://www.fortra.com/services/consulting/cybersecurity/penetration-testing">Fortra</a>
- <a
href="Annual%20Security%20Reports/2024/Fortra-Pentesting-Report-2024.pdf">Penetration
Testing Report</a> (2024) - Provides insights into the current landscape
of penetration testing, including common vulnerabilities and
industry-specific challenges. Key findings reveal a growing reliance on
third-party services, coupled with increasing concerns about phishing
attacks and the need for more frequent testing across diverse
environments.</li>
<li><a
href="https://www.hackerone.com/resources/reporting/8th-hacker-powered-security-report">HackerOne</a>
- <a
href="Annual%20Security%20Reports/2024/HackerOne-Hacker-Powered-Security-Report-2024.pdf">Hacker
Powered Security Report</a> (2024) - Explores the state of
hacker-powered security, including trends in bug bounty programs and
vulnerability disclosure across industries. Key findings highlight the
expanding expertise of security researchers into AI, APIs, and an
emphasis on layered security defenses.</li>
<li><a
href="https://www.nccgroup.com/us/research-blog/ncc-group-s-2024-annual-research-report/">NCC
Group</a> - <a
href="Annual%20Security%20Reports/2024/NCCGroup-Annual-Research-Report-2024.pdf">Annual
Research Report</a> (2024) - Highlights NCC Groups 25 years of
research, covering topics from cryptography to hardware and embedded
systems. Key highlights include pioneering research, innovative tools,
and active community engagement, showcasing a year of significant
advancements in the field.</li>
</ul>
<h2 id="privacy-and-data-protection">Privacy and Data Protection</h2>
<ul>
<li><a
href="https://www.cisco.com/c/en/us/about/trust-center/data-privacy-benchmark-study.html">Cisco</a>
- <a
href="Annual%20Security%20Reports/2024/Cisco-Privacy-Benchmark-Study-2024.pdf">Data
Privacy Benchmark Study</a> (2024) - Provides insights into data privacy
trends, challenges, and breaches across various industries. Key findings
reveal strong global support for privacy laws, yet slow progress on
transparency and AI readiness alongside growing concerns regarding data
usage in Generative AI.</li>
<li><a
href="https://www.code42.com/content/2024-data-exposure">Code42</a> - <a
href="Annual%20Security%20Reports/2024/Code42-Annual-Data-Exposure-Report-2024.pdf">Annual
Data Exposure Report</a> (2024) - Highlights insider threat risks and
trends based on insights from over 700 security professionals. Key
findings reveal a significant increase in insider-driven data loss and
the growing influence of emerging technologies on data exposure
trends.</li>
<li><a href="https://drata.com/resources/reports/grc-trends">Drata</a> -
<a
href="Annual%20Security%20Reports/2025/Drata-State-of-GRC-2025.pdf">State
of GRC</a> (2025) - Focuses on the evolving role of Governance, Risk
Management, and Compliance (GRC), transitioning from a cost center to a
strategic business driver. A key finding highlights the challenges GRC
teams face in balancing compliance complexity and business growth,
including concerns about AI hallucinations providing improper GRC
guidance.</li>
<li><a
href="https://hyperproof.io/q1-2025-readers-digest-benchmark-report/">Hyperproof</a>
- <a
href="Annual%20Security%20Reports/2025/Hyperproof-IT-Risk-and-Compliance-Benchmark-Report-2025.pdf">IT
Risk and Compliance Benchmark Report</a> (2025) - Examines the state of
IT risk and compliance, focusing on the maturation of GRC programs and
trends in framework adoption. Key findings reveal the maturing of GRC
programs, evolving framework adoption, and the increasing significance
of third-party risk management as a major concern.</li>
<li><a
href="https://www.immuta.com/resources/2025-state-of-data-security-report/">Immuta</a>
- <a
href="Annual%20Security%20Reports/2025/Immuta-State-of-Data-Security-Report-2025.pdf">State
of Data Security Report</a> (2025) - A survey of 700+ data professionals
examines the current state of data security, including challenges,
trends, and best practices across various industries. Key findings
reveal that security and access remain top concerns amidst growing data
demands, with people, processes, and technology all contributing to the
complexities.</li>
<li><a
href="https://www.isaca.org/resources/reports/state-of-privacy-2025">ISACA</a>
- <a
href="Annual%20Security%20Reports/2025/ISACA-State-of-Privacy-2025.pdf">State
of Privacy</a> (2025) - Outlines key trends in global privacy practices,
including staffing needs, budget constraints, and the increasing
integration of AI in privacy operations. Key findings reveal significant
skill gaps and difficulties in staff retention, coupled with increasing
reliance on AI for privacy initiatives and a growing concern over
privacy breaches.</li>
<li><a
href="https://www.kiteworks.com/report-2025-forecast-for-managing-private-content-exposure-risk/">Kiteworks</a>
- <a
href="Annual%20Security%20Reports/2025/Kiteworks-Forecast-for-Managing-Private-Content-Exposure-Risk-2025.pdf">Forecast
for Managing Private Content Exposure Risk</a> (2025) - Outlines 12
predictions for managing private content exposure risk, based on
cybercrime, cybersecurity, and compliance trends focusing on sensitive
content communications. Key predictions highlight the evolving global
data privacy landscape, the increasing importance of secure content
collaboration, and the need for robust API security to manage these
risks effectively.</li>
<li><a
href="https://www.proofpoint.com/us/resources/threat-reports/data-loss-landscape">Proofpoint</a>
- <a
href="Annual%20Security%20Reports/2024/Proofpoint-Data-Loss-Landscape-2024.pdf">Data
Loss Landscape</a> (2024) - Provides an overview of the data loss
landscape, including trends and challenges faced by organizations across
various industries. Key findings reveal significant financial costs
associated with data breaches stemming from malicious and negligent
insiders, highlighting a critical need for improved data loss prevention
strategies.</li>
<li><a
href="https://go.proofpoint.com/2024-Frost-Radar-for-Email-Security.html">Proofpoint</a>
- <a
href="Annual%20Security%20Reports/2024/Proofpoint-Global-Email-Security-Market-Report-2024.pdf">Global
Email Security Market Report</a> (2024) - Benchmarks 21 top email
security vendors, highlighting growth opportunities and market trends.
Key findings highlight the significant pressure on vendors to adapt to
the rapidly evolving threat landscape and maintain solution
efficacy.</li>
</ul>
<h2 id="ransomware-1">Ransomware</h2>
<ul>
<li><a
href="https://www.cybereason.com/ransomware-the-true-cost-to-business-2024">Cyberreason</a>
- <a
href="Annual%20Security%20Reports/2024/Cyberreason-Ransomware-The-True-Cost-to-Business-2024.pdf">Ransomware
The True Cost to Business</a> (2024) - Examines the true cost of
ransomware attacks on businesses across different sectors. Key findings
reveal the evolution of ransomware beyond simple data encryption,
highlighting its increasingly sophisticated methods and the significant
financial and operational consequences for victims.</li>
<li><a
href="https://www.sophos.com/en-us/content/state-of-ransomware">Sophos</a>
- <a
href="Annual%20Security%20Reports/2025/Sophos-State-of-Ransomware-2025.pdf">State
Of Ransomware</a> (2025) - Outlines the state of ransomware in 2025,
examining technical and operational attack vectors, data handling, and
the financial and human costs of incidents. Notably, data encryption
rates are at a six-year low of 50%, and median ransom payments dropped
by 50%, though exploited vulnerabilities remain the leading attack
vector.</li>
<li><a
href="https://spycloud.com/resource/2024-malware-ransomware-defense-report/">Spycloud</a>
- <a
href="Annual%20Security%20Reports/2024/Spycloud-Ransomware-Defense-Report-2024.pdf">Ransomware
Defense Report</a> (2024) - Examines malware and ransomware defense
strategies and trends across different sectors. Key findings reveal a
resurgence in ransomware attacks and highlight the increasing
sophistication of malware, including stealthy stealers and the
significant risk posed by third-party exposures.</li>
</ul>
<h2 id="ai-and-emerging-technologies-1">AI and Emerging
Technologies</h2>
<ul>
<li><a
href="https://www.cisco.com/c/en/us/products/security/state-of-ai-security.html">Cisco</a>
- <a
href="Annual%20Security%20Reports/2025/Cisco-State-of-AI-Security-2025.pdf">State
of AI Security</a> (2025) - Analyzes the emerging AI security risks and
attack vectors within the AI threat landscape. Key findings reveal a
growing need for proactive AI security research and the development of
robust policies to mitigate these risks.</li>
<li><a href="https://hiddenlayer.com/threatreport2024/">HiddenLayer</a>
- <a
href="Annual%20Security%20Reports/2024/HiddenLayer-AI-Threat-Landscape-Report-2024.pdf">AI
Threat Report</a> (2024) - Provides insights into the AI threat
landscape across various industries. Key findings highlight the
increasing threats of adversarial AI attacks, including deepfakes and
data privacy breaches, and the vulnerabilities of AI-based systems to
supply chain attacks.</li>
<li><a
href="https://www.iconiqcapital.com/growth/reports/2025-state-of-ai">ICONIQ</a>
- <a
href="Annual%20Security%20Reports/2025/Iconiq-The-AI-Builders-Playbook-2025.pdf">The
AI Builders Playbook</a> (2025) - Focuses on the “how-to” of conceiving,
delivering, and scaling AI-powered offerings, including product roadmap,
go-to-market strategies, talent, cost management, and internal
productivity. Key findings indicate that AI-native companies are rapidly
scaling products, with agentic workflows being the most common type of
AI product built by 80% of AI-native companies, while model accuracy and
the increasing importance of cost are top considerations for
foundational models.</li>
<li><a href="https://spaces.okta.com/story/ai-at-work/page/1">Okta</a> -
<a href="Annual%20Security%20Reports/2025/Okta-AI-at-Work-2025.pdf">AI
at Work</a> (2025) - Focuses on the perspectives of C-suite executives
regarding the transformative impact of artificial intelligence (AI) on
security, innovation, and efficiency within organizations. Key findings
reveal executive sentiment, concerns, and priorities regarding AI
implementation, highlighting varying levels of understanding and
integration across different organizations.</li>
<li><a href="https://www.wiz.io/reports/ai-security-readiness">Wiz</a> -
<a
href="Annual%20Security%20Reports/2025/Wiz-AI-Security-Readiness-2025.pdf">AI
Security Readiness</a> (2025) - Analyzes the current state of AI
security readiness among cloud architects, engineers, and security
leaders, highlighting critical gaps. Key findings reveal widespread AI
adoption is significantly outpacing the development of in-house security
expertise and the implementation of AI-specific posture management
tools, leading to substantial visibility challenges like shadow AI.</li>
</ul>
<h2 id="resources">Resources</h2>
<p>Annual reports are the result of a collaborative effort, combining
research from both paid and non-profit sources, drawn from within the
organization and the broader cybersecurity community. These reports rely
on the contributions of various organizations that help shape the field
by setting standards, offering certifications, conducting research, and
influencing policy.</p>
<p>The categories below highlight the diverse roles these organizations
play in building cybersecurity programs and advancing best practices. By
exploring these groups, readers can gain insight into the ecosystem that
underpins the development of annual reports and drives progress in the
industry.</p>
<p><strong><a href="#research-consulting">Research
Consulting</a>:</strong> These are organizations that offer paid
research services, market analysis, and consulting in the field of
information technology and cybersecurity.</p>
<p><strong><a href="#standards-and-certifications">Standards and
Certifications</a>:</strong> Organizations involved in setting
cybersecurity standards, providing certifications, and creating
frameworks for best practices.</p>
<p><strong><a href="#threat-intelligence-and-incident-response">Threat
Intelligence and Incident Response</a>:</strong> Organizations focused
on sharing threat intelligence, coordinating cyber incident responses,
and combating cyber threats.</p>
<p><strong><a href="#policy-and-advocacy">Policy and
Advocacy</a>:</strong> Institutions shaping cybersecurity policies,
regulations, and public awareness on a national or international
scale.</p>
<p><strong><a href="#working-groups">Working Groups</a>:</strong> These
are collaborative organizations or professional associations that
conduct research, share information, and develop best practices in
cybersecurity.</p>
<p><strong><a href="#government-and-non-profits">Government and
Non-profits</a>:</strong> This category includes government agencies and
non-profit organizations dedicated to cybersecurity research, policy
development, and public awareness.</p>
<h2 id="research-consulting">Research Consulting</h2>
<ul>
<li><a href="https://www.451research.com/">451 Research</a> - A
technology research and advisory firm specializing in emerging
technology segments including cybersecurity market analysis and
trends.</li>
<li><a href="https://www.abiresearch.com/">ABI Research</a> - A
technology market intelligence company providing strategic guidance on
transformative technologies, including cybersecurity and digital
security.</li>
<li><a href="https://www.forrester.com/">Forrester Research</a> - An
advisory company that offers paid research, consulting, and event
services specialized in market research for information technology.</li>
<li><a href="https://www.frost.com/">Frost &amp; Sullivan</a> - A
consulting firm offering market research and analysis in cybersecurity,
with particular focus on emerging technologies and market
opportunities.</li>
<li><a href="https://www.gartner.com/">Gartner</a> - A technology
research and consulting firm which offers private paid consulting as
well as executive programs and conferences.</li>
<li><a href="https://gigaom.com/">GigaOm</a> - A research firm offering
practical, hands-on, practitioner-driven research for businesses.</li>
<li><a href="https://www.idc.com/">International Data Corporation
(IDC)</a> - A global provider of market intelligence and advisory
services.</li>
<li><a href="https://www.kuppingercole.com/">KuppingerCole</a> - A
global analyst company specializing in information security, identity
&amp; access management, and risk management.</li>
<li><a href="https://omdia.tech.informa.com/">Omdia</a> - A global
technology research powerhouse focusing on cybersecurity market analysis
and digital transformation.</li>
</ul>
<h2 id="standards-and-certifications">Standards and Certifications</h2>
<ul>
<li><a href="https://us.aicpa.org/">American Institute of CPAs</a> - The
AICPA SOC2 is a framework for managing and safeguarding customer data
based on five trust service criteria: Security, Availability, Processing
Integrity, Confidentiality, and Privacy.</li>
<li><a href="https://www.securityforum.org/">The Information Security
Forum (ISF)</a> - A global, independent organization dedicated to
benchmarking and sharing best practices in information security.</li>
<li><a href="https://www.iso.org/">The International Organization for
Standardization (ISO)</a> - An international organizational body
composed of representatives which conduct closed research for creation
of standards.</li>
<li><a href="https://www.isaca.org/">The Information Systems Audit and
Control Association (ISACA)</a> - An international professional
association focused on IT governance, which conducts research for and on
behalf of the members.</li>
<li><a href="https://www.isc2.org/">The International Information System
Security Certification Consortium (ISC)²</a> - An American
not-for-profit organization which conducts research for consumers of
their cybersecurity training and certifications.</li>
<li><a href="https://www.sans.org/">SANS Institute</a> - A private U.S.
for-profit company which conducts research for consumers of their
cybersecurity training and certifications.</li>
<li><a href="https://trustedcomputinggroup.org/">Trusted Computing Group
(TCG)</a> - Develops and promotes open standards for hardware-enabled
security.</li>
</ul>
<h2 id="threat-intelligence-and-incident-response">Threat Intelligence
and Incident Response</h2>
<ul>
<li><a href="https://apwg.org/">The Anti-Phishing Working Group
(APWG)</a> - A global coalition focused on unifying the global response
to cybercrime.</li>
<li><a href="https://www.cyberthreatalliance.org/">The Cyber Threat
Alliance (CTA)</a> - An industry-driven group of cybersecurity
organizations that share threat intelligence and conduct collaborative
research to combat cyber threats.</li>
<li><a href="https://www.first.org/">The Forum of Incident Response and
Security Teams (FIRST)</a> - Provides platforms, means and tools for
incident responders to always find the right partner and to collaborate
efficiently.</li>
<li><a href="https://globalcyberalliance.org/">The Global Cyber Alliance
(GCA)</a> - An international, cross-sector effort dedicated to reducing
cyber risk.</li>
<li><a href="https://www.m3aawg.org/">The Messaging, Malware and Mobile
Anti-Abuse Working Group (M3AAWG)</a> - Focuses on operational issues of
Internet abuse including botnets, malware, spam, viruses, and mobile
messaging abuse.</li>
<li><a href="https://www.ponemon.org/">Ponemon Institute</a> -
Considered the pre-eminent research center dedicated to privacy, data
protection and information security policy.</li>
</ul>
<h2 id="policy-and-advocacy">Policy and Advocacy</h2>
<ul>
<li><a href="https://www.rand.org/">The Rand Corporation</a> - An
American not-for-profit organization which conducts research and
analysis on various aspects of cybersecurity and cyber policy focused on
national security.</li>
<li><a
href="https://www.csis.org/programs/technology-policy-program">Center
for Strategic and International Studies (CSIS) - Technology Policy
Program</a> - A think tank with a Technology Policy Program that
conducts research and provides insights into technology and
cybersecurity policies.</li>
<li><a href="https://www.eff.org/">Electronic Frontier Foundation
(EFF)</a> - A non-profit organization defending civil liberties in the
digital world, including privacy and cybersecurity issues.</li>
<li><a href="https://isalliance.org/">The Internet Security Alliance
(ISA)</a> - A multi-sector trade association focused on thought
leadership, policy advocacy, and standards development for
cybersecurity.</li>
<li><a href="https://www.weforum.org/centre-for-cybersecurity">World
Economic Forum (Centre for Cybersecurity)</a> - A global initiative that
brings together stakeholders from industry, government, and academia to
improve cybersecurity globally and secure the digital economy.</li>
</ul>
<h2 id="working-groups">Working Groups</h2>
<ul>
<li><a href="https://cloudsecurityalliance.org/">The Cloud Security
Alliance (CSA)</a> - Promotes best practices for providing security
assurance within cloud computing.</li>
<li><a href="https://www.ietf.org/">The Internet Engineering Task Force
(IETF)</a> - Develops and promotes internet standards, including those
related to security.</li>
<li><a href="https://owasp.org/">The Open Web Application Security
Project (OWASP)</a> - A professional community that produces research
concerning web application security, made freely available to the online
community.</li>
<li><a href="https://www.cisa.gov/icsjwg">Industrial Control Systems
Joint Working Group (ICSJWG)</a> - Facilitates information sharing and
collaboration for cybersecurity in industrial control systems.</li>
<li><a href="https://openssf.org/">The Open Source Security Foundation
(OpenSSF)</a> - A cross-industry collaboration to improve the security
of open source software.</li>
<li><a href="http://www.webappsec.org/">Web Application Security
Consortium (WASC)</a> - An international group of experts, industry
practitioners, and organizational representatives who produce security
standards and research.</li>
</ul>
<h2 id="government-and-non-profits">Government and Non-profits</h2>
<ul>
<li><a href="https://www.cyber.gov.au/">Australian Cyber Security Centre
(ACSC)</a> - Provides cyber security advice and support to Australian
businesses and individuals.</li>
<li><a href="https://cyber.gc.ca/en/">Canadian Centre for Cyber
Security</a> - Canadas national authority on cybersecurity.</li>
<li><a href="https://www.cisecurity.org/">Center for Internet Security
(CIS)</a> - An American non-profit organization that provides
cybersecurity solutions and best practices.</li>
<li><a href="https://www.cisa.gov/">Cybersecurity and Infrastructure
Security Agency (CISA)</a> - A U.S. government agency responsible for
enhancing the security and resilience of the nations critical
infrastructure.</li>
<li><a href="https://www.csfi.us/">Cybersecurity Forum Initiative
(CSFI)</a> - An American non-profit organization that promotes
cybersecurity awareness and research.</li>
<li><a href="https://cyberpeaceinstitute.org/">Cyber Peace Institute</a>
- A non-profit organization focused on reducing the impact of
cyberattacks on civilians and promoting peace in cyberspace by
supporting international cooperation and collective action.</li>
<li><a href="https://www.enisa.europa.eu/">European Union Agency for
Cybersecurity (ENISA)</a> - A European Union agency that contributes to
EU cybersecurity policy, enhances trust in digital services, and
supports incident response capabilities across Europe.</li>
<li><a
href="https://www.europol.europa.eu/activities-services-main/areas-interest/european-cybercrime-centre-ec3">Europol
- European Cybercrime Centre (EC3)</a> - A strategic alliance focused on
combating cybercrime within the European Union.</li>
<li><a href="https://www.bsi.bund.de/">German Federal Office for
Information Security (BSI)</a> - Germanys national cyber security
authority providing IT security services and guidance.</li>
<li><a href="https://www.abetterinternet.org/">Internet Security
Research Group (ISRG)</a> - A non-profit organization focused on
reducing financial, technological, and educational barriers to secure
communication over the Internet.</li>
<li><a href="https://www.nisc.go.jp/eng/">Japan National Center of
Incident Readiness and Strategy for Cybersecurity (NISC)</a> - Japans
central organization for national cybersecurity strategy and incident
response.</li>
<li><a href="https://www.kisa.or.kr/eng/">Korean Internet &amp; Security
Agency (KISA)</a> - South Koreas government agency dedicated to
promoting cybersecurity and a safer internet environment.</li>
<li><a href="https://www.mitre.org/">MITRE Corporation</a> - An American
not-for-profit organization which conducts research and development
supporting various U.S. government agencies.</li>
<li><a href="https://www.ncsc.gov.uk/">National Cyber Security Centre
(NCSC)</a> - The UKs technical authority for cyber incidents.</li>
<li><a href="https://www.ncsc.nl/english">National Cyber Security Centre
- Netherlands (NCSC-NL)</a> - The Dutch national cyber security center
providing guidance and incident response.</li>
<li><a href="https://www.nist.gov/cybersecurity">National Institute of
Standards and Technology (NIST)</a> - A U.S. agency that develops
cybersecurity standards and guidelines.</li>
<li><a href="https://nsm.no/en/">Norwegian National Security Authority
(NSM)</a> - Norways expert body for information and object security,
providing guidance and incident response capabilities.</li>
<li><a href="https://www.csa.gov.sg/">Singapore Cyber Security Agency
(CSA)</a> - Singapores national agency overseeing cybersecurity
strategy and development.</li>
</ul>
<h2 id="contributing">Contributing</h2>
<p><a href="CONTRIBUTING.md">Please refer to the guidelines at
CONTRIBUTING.md for details</a>.</p>
<p><a
href="https://github.com/jacobdjwilson/awesome-annual-security-reports">annualsecurityreports.md
Github</a></p>
Reference in New Issue View Git Blame Copy Permalink