Industry Statistical & Metrics Reports

Below you will find links to many of the metrics and statistical reports I use when discussing the state of information security. Many of the typical suspects are here – DDoS, Ransomware, SPAM, Insider Threats, and DevOps – all of the normal data points most of us look for. However, you’ll also find some outliers – the Market Size estimates, US Labor stats on industry size growth and salary ranges, and those ever-so-slightly esoteric statistics that seem to be impossible to find when you need them in a crunch.

Be forewarned, many of these sites will require you to provide your contact information before downloading the reports, however, depending on what you are looking for, it may be worth the price of admission.

As always, I encourage you to send me the ones you find useful and I’ll include them. Contact me here.

Dedicated Research and Vendor Metrics Pages

Crowdstrike’s Threat Reports : Attack & Threat Reports
Cybersecurity Ventures : Cybercrime Research Center
Deloitte’s Cyber Perspectives : Cybersecurity Strategy & Insights
ESET’s WeLive Security : Threat and research Reports
EY’s ‘Latest Thinking’ on Cybersecurity : Cybersecurity Strategy Reports

Kaspersky’s Securelist : Cyberthreat & Research Reports
KPMG Insights : Management Cybersecurity Insights
PwC’s Cybersecurity Library : Cybersecurity and Privacy Reports

Individual Metrics Reports

Table last updated on February 1, 2021

Hint: Shift-click to sort by multiple columns.

Year	Publisher	Name	Keyword
2020	Accenture	2020 Cyber Threatscape Report	Threat
2020	Beyondtrust	Microsoft Vulnerabilities Report 2020	Vulnerability
2020	Bureau of Labor and Statistics (US)	2020 United States Department of Labor Information Security Statistics	Leadership
2020	Cybersecurity Insiders	2020 Threat Hunting Report	Threat, Breach, Risk
2020	Dragos	2020 ICS Manufacturing Threat Perspective	Threat
2020	Duo	2020 Duo Trusted Access Report	Password, MFA
2020	ESET	ESET Threat Report Q2 2020	Threat
2020	ESET	ESET Threat Report Q1 2020	Threat
2020	EY	EY Global Information Security Survey	Breach, Leadership
2020	Greathorn	2020 Email Security Benchmark Report	Email, Phish
2020	IBM	2020 Cost of Insider Threats	Insider
2020	IBM	2020 Cost of a Data Breach Report	Breach
2020	IBM	A Programmatic Approach to Vulnerability Management for Hybrid Multicloud	Vulnerability, Cloud
2020	INFORMS	The Influence of Professional Subculture on Information Security Policy Violations in Healthcare	Leadership, Healthcare, Policy
2020	ISC2	2020 Cybersecurity Workforce Study	Leadership
2020	ISSA/ESG	The Impact of the COVID-19 Pandemic on Cybersecurity	Leadership, COVID
2020	Kasperski	Kasperski Publications	Threat, DDoS, Breach, Malware, Email
2020	KPMG	Oracle and KPMG Cloud Threat Report 2020	Cloud
2020	The Linux Foundation	2020 FOSS Contributor Survey	Linux, Open Source
2020	mimecast	The State of Email Security 2020	Email, Phish
2020	nCipher	2020 Global Encryption Trends Study	Encryption
2020	Netsparker	State of Application Security	AppSec, DevOps
2020	netwrix	2020 Cyber Threats Report	Threat
2020	netwrix	2020 Data Risk & Security Report	Threat
2020	Nokia	Threat Intelligence Report 2020	Threat
2020	Orca Security	2020 State of Virtual Appliance Security Report	Vulnerability, Risk
2020	Puppet	2020 State of DevOps Report	DevOps
2020	Risk Based Security	2020 Mid Year Data Breach QuickView Report	Breach
2020	Securonix	2020 Insider Threat Report	Insider
2020	SIRP	2020 Security Analysts Survey	SOC, Threat
2020	Smartbear	State of API 2020 Report	AppSec, DevOps
2020	Sonatype	6th Annual State of the Software Supply Chain Report	Supply Chain
2020	Statista	Size of the cybersecurity market cap worldwide	Market
2020	Synopsys	2020 Open Source Security and Risk Analysis (OSSRA) Report	AppSec
2020	Tessian	The Psychology of Human Error 2020	Breach
2020	Tessian	The State of Data Loss Prevention 2020	Breach
2020	Tripwire	2020 Skills Gap Survey	Leadership
2020	Trustwave	2020 Trustwave Global Security Report	Breach, Email, Mobile
2020	Unisys	2020 Unisys Security Index	Risk
2020	Veracode	State of Software Security v11	AppSec
2020	Veracode/ESG	Modern Application Development Security	AppSec
2020	Verizon	2020 Data Breach Investigations Report	Breach
2020	World Economic Forum	2020 Global Risks Report	Risk
2020	Yubico	2020 State of Password and Authentication Security Behaviors Report	Password
2019	Accenture	2019 Cyber Threatscape Report	Threat
2019	Akamai	2019 - State of the Internet Security Reports	DDoS, Breach, Cloud, Malware
2019	Bureau of Labor and Statistics (US)	2019 United States Department of Labor Information Security Statistics	Leadership
2019	Symantec (Broadcom)	2019 - Annual Internet Security Threat Report (ISTR)	DDoS, Breach, Cloud, Malware
2019	Cloud Security Alliance	2019 Top Threats to Cloud Computing	Cloud
2019	Cobalt	The State of Pentesting 2019	Vulnerability
2019	Duo	2019 Duo Trusted Access Report	Password, MFA
2019	EY	21st EY Global Information Security Survey (2018-2019)	Breach, Leadership
2019	Greathorn	2019 Email Security Trends, Challenges, and Benchmarks	Email, Phish
2019	IBM	2019 Cost of a Data Breach Report	Breach
2019	FBI/IC3	2019 Internet Crimes Report (ICR) State reports: 2019 Internet Crimes Report (ICR) by State	Breach, Crime
2019	ISC2	2019 Cybersecurity Workforce Study	Leadership
2019	ISSA/ESG	2019 Global Cybersecurity Skills Study	Leadership
2019	KPMG	Oracle and KPMG Cloud Threat Report 2019	Cloud
2019	LastPass	2019 Annual Global Password Security Report	Password
2019	mimecast	The State of Email Security 2019	Email, Phish
2019	nCipher	2019 Global Encryption Trends Study	Encryption
2019	National Small Business Association	2019 Technology and Small Business Survey	Threat, Risk, SMB
2019	Puppet	2019 State of DevOps Report	DevOps
2019	PwC	2019 Digital Trust Insights	Leadership
2019	radware	2019 C-Suite Perspectives: Trends in the Cyberattack Landscape, Security Threats and Business Impacts	Leadership
2019	Risk Based Security	2019 Year-end Data Breach QuickView Report	Breach
2019	Risk Based Security	2019 MidYear Data Breach QuickView Report	Breach
2019	Risk Based Security	2019 Year-end Vulnerability QuickView Report	Vulnerability
2019	Risk Based Security	2019 MidYear Vulnerability QuickView Report	Vulnerability
2019	Risk Based Security	2018 Year End Vulnerability QuickView Report	Vulnerability
2019	Sailpoint	2019 Identity Report	Identity
2019	Securonix	2019 Insider Threat Report	Insider
2019	Smartbear	State of API 2019 Report	AppSec, DevOps
2019	Sonatype	5th Annual State of the Software Supply Chain Report	Supply Chain
2019	Trend Micro	2019 Mobile Threat Landscape	Mobile
2019	Trend Micro	2019 Cloud App Security Report	Cloud, AppSec
2019	Trustwave	2019 Trustwave Global Security Report	Breach, Email, Mobile
2019	Unisys	2019 Unisys Security Index	Risk
2019	Varonis	2019 Global Data Risk Report	Breach, Malware, Insider
2019	Veracode	State of Software Security v10	AppSec
2019	Verizon	2019 Data Breach Investigations Report	Breach
2019	World Economic Forum	2019 Global Risks Report	Risk
2019	Yubico	2019 State of Password and Authentication Security Behaviors Report	Password
2018	Akamai	2018 - State of the Internet Security Reports	DDoS, Breach, Cloud, Malware
2018	Bureau of Labor and Statistics (US)	2018 United States Department of Labor Information Security Statistics	Leadership
2018	Symantec (Broadcom)	2018 - Annual Internet Security Threat Report (ISTR)	DDoS, Breach, Cloud, Malware
2018	Cloud Security Alliance	2018 Top Threats to Cloud Computing	Cloud
2018	Duo	2018 Duo Trusted Access Report	Password, MFA
2018	EY	20st EY Global Information Security Survey (2017-2018)	Breach, Leadership
2018	Greathorn	2018 Email Security Trends, Challenges, and Benchmarks	Email
2018	IBM	2018 Cost of a Data Breach Report	Breach
2018	FBI/IC3	2018 Internet Crimes Report (ICR) State reports: 2018 Internet Crimes Report (ICR) by State	Breach, Crime
2018	ISC2	2018 Cybersecurity Workforce Study	Leadership
2018	ISSA/ESG	2018 Global Cybersecurity Skills Study	Leadership
2018	KPMG	Oracle and KPMG Cloud Threat Report 2018	Cloud
2018	LastPass	2018 Annual Global Password Security Report	Password
2018	mimecast	The State of Email Security 2018	Email, Phish
2018	Puppet	2018 State of DevOps Report	DevOps
2018	PwC	2018 Digital Trust Insights	Leadership
2018	radware	2018 C-Suite Perspectives: Trends in the Cyberattack Landscape, Security Threats and Business Impacts	Leadership
2018	Risk Based Security	2018 Year-end Data Breach QuickView Report	Breach
2018	Risk Based Security	2018 MidYear Data Breach QuickView Report	Breach
2018	Risk Based Security	2018 Year-end Vulnerability QuickView Report	Vulnerability
2018	Risk Based Security	2018 MidYear Vulnerability QuickView Report	Vulnerability
2018	Risk Based Security	2018 Year End Vulnerability QuickView Report	Vulnerability
2018	Sailpoint	2018 Identity Report	Identity
2018	Sonatype	4th Annual State of the Software Supply Chain Report	Supply Chain
2018	Trend Micro	2018 Mobile Threat Landscape	Mobile
2018	Trend Micro	2018 Cloud App Security Report	Cloud, AppSec
2018	Trustwave	2018 Trustwave Global Security Report	Breach, Email, Mobile
2018	Varonis	2018 Global Data Risk Report	Breach, Malware, Insider
2018	Veracode	State of Software Security v9	AppSec
2018	Verizon	2018 Data Breach Investigations Report	Breach
2018	World Economic Forum	2018 Global Risks Report	Risk
2017	Akamai	2017 - State of the Internet Security Reports	DDoS, Breach, Cloud, Malware
2017	Symantec (Broadcom)	2017 - Annual Internet Security Threat Report (ISTR)	DDoS, Breach, Cloud, Malware
2017	Cloud Security Alliance	2017 Top Threats to Cloud Computing	Cloud
2017	Duo	2017 Duo Trusted Access Report	Password, MFA
2017	Greathorn	2017 Spear Phishing Trends	Email, Phish
2017	IBM	2017 Cost of a Data Breach Report	Breach
2017	FBI/IC3	2017 Internet Crimes Report (ICR) State reports: 2017 Internet Crimes Report (ICR) by State	Breach
2017	ISC2	Regional 2017 Benchmarking Workforce Study: North America / Latin America / Asia Pacific Europe, The Middle East and Africa	Leadership
2017	ISSA/ESG	2017 Global Cybersecurity Skills Study	Leadership
2017	Risk Based Security	2017 Year-end Vulnerability QuickView Report	Vulnerability
2017	Risk Based Security	2017 Year-end Data Breach QuickView Report	Breach
2017	Sonatype	3rd Annual State of the Software Supply Chain Report	Supply Chain
2017	Trend Micro	2017 Cloud App Security Report	Cloud, AppSec
2017	Trustwave	2017 Trustwave Global Security Report	Breach, Email, Mobile
2017	Varonis	2017 Global Data Risk Report	Breach, Malware, Insider
2017	Verizon	2017 Data Breach Investigations Report	Breach
2017	World Economic Forum	2017 Global Risks Report	Risk
2016	Akamai	2016 - State of the Internet Security Reports	DDoS, Breach, Cloud, Malware
2016	Symantec (Broadcom)	2016 - Annual Internet Security Threat Report (ISTR)	DDoS, Breach, Cloud, Malware
2016	Cloud Security Alliance	2016 Top Threats to Cloud Computing	Cloud
2016	Duo	2016 Duo Trusted Access Report	Password, MFA
2016	FBI/IC3	2016 Internet Crimes Report (ICR) State reports: 2016 Internet Crimes Report (ICR) by State	Breach
2016	ISSA/ESG	2016 Global Cybersecurity Skills Study Pt. 1 2016 Global Cybersecurity Skills Study Pt. 2	Leadership
2016	Trustwave	2016 Trustwave Global Security Report	Breach, Email, Mobile
2016	World Economic Forum	2016 Global Risks Report	Risk
2015	ISC2	2015 Cybersecurity Workforce Study	Leadership
2015	Trustwave	2015 Trustwave Global Security Report	Breach, Email, Mobile
2015	World Economic Forum	2015 Global Risks Report	Risk