Industry Statistical & Metrics Reports

Below you will find links to many of the metrics and statistical reports I use when discussing the state of information security. Many of the typical suspects are here – DDoS, Ransomware, SPAM, Insider Threats, and DevOps – all of the normal data points most of us look for. However, you’ll also find some outliers – the Market Size estimates, US Labor stats on industry size growth and salary ranges, and those ever-so-slightly esoteric statistics that seem to be impossible to find when you need them in a crunch.

Be forewarned, many of these sites will require you to provide your contact information before downloading the reports, however, depending on what you are looking for, it may be worth the price of admission.

Use the submission box below to send me the ones you find useful and I’ll include them.

Dedicated Research and Vendor Metrics Pages

Crowdstrike’s Threat Reports : Attack & Threat Reports
Cybersecurity Ventures : Cybercrime Research Center
Deloitte’s Cyber Perspectives : Cybersecurity Strategy & Insights
ESET’s WeLive Security : Threat and research Reports
EY’s ‘Latest Thinking’ on Cybersecurity : Cybersecurity Strategy Reports

Kaspersky’s Securelist : Cyberthreat & Research Reports
KPMG Insights : Management Cybersecurity Insights
PwC’s Cybersecurity Library : Cybersecurity and Privacy Reports

Individual Metrics Reports

Reports by Catagories:

Total Links In Library: 268

AppSec

Publisher	Year	Link	Tags
Future Market Insights	2022	API Security Market	API, Market
noname/451 Research	2022	The 2022 API Security Trends Report	API, DevOps
Salt Security	2022	API Security Trends	API, DevOps
Sonatype	2021	State of the Software Supply Chain Report	Supply Chain
Sonatype	2021	Annual State of the Software Supply Chain Report	Supply Chain
Veracode	2021	State of Software Security v12	DevOps
Puppet	2021	State of DevOps Report	DevOps
The Linux Foundation	2020	FOSS Contributor Survey	Open Source
Netsparker	2020	State of Application Security
Puppet	2020	State of DevOps Report	DevOps
Smartbear	2020	State of API Report	API
Sonatype	2020	6th Annual State of the Software Supply Chain Report	Supply Chain
Synopsys	2020	Open Source Security and Risk Analysis (OSSRA) Report	Open Source
Veracode	2020	State of Software Security v11
Veracode/ESG	2020	Modern Application Development Security
Puppet	2019	State of DevOps Report	DevOps
Smartbear	2019	State of API Report	API
Sonatype	2019	5th Annual State of the Software Supply Chain Report	Supply Chain
Trend Micro	2019	Cloud App Security Report	Cloud
Veracode	2019	State of Software Security v10
Puppet	2018	State of DevOps Report	DevOps
Trend Micro	2018	Cloud App Security Report	Cloud
Veracode	2018	State of Software Security v9
Trend Micro	2017	Cloud App Security Report	Cloud

Breach

Publisher	Year	Link	Tags
NIH	2022	Healthcare Data Breaches: Insights and Implications	Healthcare
HIPAA Journal	2022	Healthcare Data Breach Statistics	Healthcare
Firewall Times	2022	26 Eye-Opening Data Breach Statistics – 2022
Varonis	2022	89 Must-Know Data Breach Statistics – 2022	Crime, Email, Insider, Ransomware
IBM	2022	Cost of a data breach 2022	Attack, Crime, SOC
Accenture	2022	Cyber Threat Intelligence Report Volume 2	Attack, IOT/OT, SOC
IBM	2021	Cost of a Data Breach Report 2021	Attack, Crime, SOC
IBM	2020	Cost of a Data Breach Report 2020	Attack, Crime, SOC
Risk Based Security	2020	Mid Year Data Breach QuickView Report
Tessian	2020	The Psychology of Human Error 2020	People
Tessian	2020	The State of Data Loss Prevention 2020
Trustwave	2020	Trustwave Global Security Report
Verizon	2020	Data Breach Investigations Report
IBM	2019	Cost of a Data Breach Report 2019	Attack, Crime, SOC
FBI/IC3	2019	Internet Crimes Report (ICR)	Crime
Risk Based Security	2019	Year-end Data Breach QuickView Report
Risk Based Security	2019	MidYear Data Breach QuickView Report
Trustwave	2019	Trustwave Global Security Report
Varonis	2019	Global Data Risk Report
Verizon	2019	Data Breach Investigations Report
Akamai	2019	State of the Internet Security Reports
EY	2018	20th EY Global Information Security Survey (2017-2018)
IBM	2018	Cost of a Data Breach Report 2018	Attack, Crime, SOC
FBI/IC3	2018	Internet Crimes Report (ICR)	Crime
Risk Based Security	2018	Year-end Data Breach QuickView Report
Risk Based Security	2018	MidYear Data Breach QuickView Report
Trustwave	2018	Trustwave Global Security Report
Varonis	2018	Global Data Risk Report
Verizon	2018	Data Breach Investigations Report
Akamai	2018	State of the Internet Security Reports
IBM	2017	Cost of a Data Breach Report 2017	Attack, Crime, SOC
FBI/IC3	2017	Internet Crimes Report (ICR)	Crime
Risk Based Security	2017	Year-end Data Breach QuickView Report
Trustwave	2017	Trustwave Global Security Report
Verizon	2017	Data Breach Investigations Report
Akamai	2016	State of the Internet Security Reports
Symantec (Broadcom)	2016	Annual Internet Security Threat Report (ISTR)
FBI/IC3	2016	Internet Crimes Report (ICR)	Crime
Trustwave	2016	Trustwave Global Security Report
Trustwave	2015	Trustwave Global Security Report

DDoS

Publisher	Year	Link	Tags
Akamai	2019	State of the Internet Security Reports	DDoS

Identity

Publisher	Year	Link	Tags
Duo	2020	Duo Trusted Access Report	MFA
Yubico	2020	State of Password and Authentication Security Behaviors Report	Password
Duo	2019	Duo Trusted Access Report	MFA
LastPass	2019	Annual Global Password Security Report	Password
Sailpoint	2019	Identity Report
Yubico	2019	State of Password and Authentication Security Behaviors Report	Password
Duo	2018	Duo Trusted Access Report	MFA
LastPass	2018	Annual Global Password Security Report	Password
Sailpoint	2018	Identity Report
Duo	2017	Duo Trusted Access Report	MFA
Duo	2016	Duo Trusted Access Report	MFA

Leadership

Publisher	Year	Link	Tags
Bureau of Labor and Statistics (US)	2022	United States Department of Labor Information Security Statistics	People
EY	2021	EY Global Information Security Survey 2021
EY	2020	EY Global Information Security Survey
INFORMS	2020	The Influence of Professional Subculture on Information Security Policy Violations in Healthcare	People
ISC2	2020	Cybersecurity Workforce Study	People
ISSA/ESG	2020	The Impact of the COVID-19 Pandemic on Cybersecurity	People
Statista	2020	Size of the cybersecurity market cap worldwide	Market
Tripwire	2020	Skills Gap Survey	People
Bureau of Labor and Statistics (US)	2019	United States Department of Labor Information Security Statistics	People
EY	2019	21st EY Global Information Security Survey (2018-2019)
ISC2	2019	Cybersecurity Workforce Study	People
ISSA/ESG	2019	Global Cybersecurity Skills Study	People
PwC	2019	Digital Trust Insights
radware	2019	C-Suite Perspectives: Trends in the Cyberattack Landscape, Security Threats and Business Impacts
Bureau of Labor and Statistics (US)	2018	United States Department of Labor Information Security Statistics	People
ISC2	2018	Cybersecurity Workforce Study	People
ISSA/ESG	2018	Global Cybersecurity Skills Study	People
PwC	2018	Digital Trust Insights
radware	2018	C-Suite Perspectives: Trends in the Cyberattack Landscape, Security Threats and Business Impacts
ISSA/EC3	2017	Global Cybersecurity Skills Study	People
ISSA/ESG	2016	Global Cybersecurity Skills Study Pt. 1	People
ISC2	2015	Cybersecurity Workforce Study	People

Risk

Publisher	Year	Link
netwrix	2020	Data Risk & Security Report
Unisys	2020	Unisys Security Index
World Economic Forum	2020	Global Risks Report
Unisys	2019	Unisys Security Index
World Economic Forum	2019	Global Risks Report
World Economic Forum	2018	Global Risks Report
Varonis	2017	Global Data Risk Report
World Economic Forum	2017	Global Risks Report
World Economic Forum	2016	Global Risks Report
World Economic Forum	2015	Global Risks Report

Technology

Publisher	Year	Link	Tags
nCipher	2020	Global Encryption Trends Study	Cryptography
Orca Security	2020	State of Virtual Appliance Security Report	Virtual
nCipher	2019	Global Encryption Trends Study	Cryptography
Trend Micro	2019	Mobile Threat Landscape	Mobile

Threat

Publisher	Year	Link	Tags
Splunk	2022	The State of Observability 2022	SOC, Threat Intel
Splunk	2022	The State of Security 2022	Attack, DevOps, Email, Insider, SOC
Accenture	2022	Cyber Threat Intelligence Report Volume 2	Attack, IOT/OT, SOC
Accenture	2021	Cyber Threat Intelligence Report Volume 1	Attack, IOT/OT, SOC
Accenture	2020	Cyber Threatscape Report
Cybersecurity Insiders	2020	Threat Hunting Report
Dragos	2020	ICS Manufacturing Threat Perspective	IOT/OT
ESET	2020	ESET Threat Report Q2 2020
ESET	2020	ESET Threat Report Q1 2020
Greathorn	2020	Email Security Benchmark Report	Email
IBM	2020	Cost of Insider Threats	Insider
Kasperski	2020	Kasperski Publications
KPMG	2020	Oracle and KPMG Cloud Threat Report 2020	Cloud
mimecast	2020	The State of Email Security 2020	Email
netwrix	2020	Cyber Threats Report
Nokia	2020	Threat Intelligence Report 2020
Securonix	2020	Insider Threat Report	Insider
SIRP	2020	Security Analysts Survey
Accenture	2020	Cyber Threatscape Report
Symantec (Broadcom)	2019	Annual Internet Security Threat Report (ISTR)
Cloud Security Alliance	2019	Top Threats to Cloud Computing	Cloud
Greathorn	2019	Email Security Trends, Challenges, and Benchmarks	Email
KPMG	2019	Oracle and KPMG Cloud Threat Report 2019	Cloud
mimecast	2019	The State of Email Security 2019	Email
National Small Business Association	2019	Technology and Small Business Survey	SMB
Securonix	2019	Insider Threat Report	Insider
Symantec (Broadcom)	2018	Annual Internet Security Threat Report (ISTR)
Cloud Security Alliance	2018	Top Threats to Cloud Computing	Cloud
Greathorn	2018	Email Security Trends, Challenges, and Benchmarks	Email
KPMG	2018	Oracle and KPMG Cloud Threat Report 2018	Cloud
mimecast	2018	The State of Email Security 2018	Email
Sonatype	2018	4th Annual State of the Software Supply Chain Report	Supply Chain
Trend Micro	2018	Mobile Threat Landscape	Mobile
Symantec (Broadcom)	2017	Annual Internet Security Threat Report (ISTR)
Cloud Security Alliance	2017	Top Threats to Cloud Computing	Cloud
Greathorn	2017	Spear Phishing Trends	Email
Sonatype	2017	3rd Annual State of the Software Supply Chain Report	Supply Chain
Cloud Security Alliance	2016	Top Threats to Cloud Computing	Cloud

Veteran

Publisher	Year	Link
2022	TeamOne Training for Veterans	Education
2022	Bank of America Veteran Resources	Corporate
2022	Cyber Security Education and Training Resources	Resources
2022	San Diego Cyber Center of Excellence (CCOE)	Resources
2022	Veterans Guide to Finding a Job in Local Government	Resources
2022	Information Assurance Scholarship Program (US Navy)	Scholarships
2022	Yellow Ribbon Program (VA)	Scholarships
2022	CyberCorps: Scholarship for Service (SFS) Program	Scholarships
2022	Cybersecurity Career Guide for Veterans (Georgia Tech)	Resources
2022	Palo Alto Second Watch	Corporate
2022	New Beginnings Computer Training	Education
2022	Veteran’s guide to a cybersecurity career	Resources
2022	Drexel Cyber Security Training	Education
2022	Deloitte Military Veterans Program	Corporate
2022	Salesforce Military	Corporate
2022	Synack Veteran Program	Corporate
2022	Microsoft Military Affairs	Corporate
2022	Cisco Military Veteran Programs	Corporate
2022	Bestcolleges.com Veteran Scholarships	Scholarships
2022	Military Tuition Assistance Program	Scholarships
2022	Scholarships.com Veteran Scholarships	Scholarships
2022	Top Scholarships for Veterans	Scholarships
2022	Silent Professionals – Cyber	Career
2022	CyberCareers.gov (OPM)	Career
2022	Apprenticeship Finder – Cyber	Scholarships
2022	MyNextMove for Vets	Resources
2022	LinkedIn Veteran Program	Corporate
2022	Veteran Jobs Search (Military.com)	Resources
2022	Veteran Jobs Mission	Resources
2022	Career Services for Military and Veterans (UMass)	Resources
2022	How to translate your military skills to a civilian resume	Resources
2022	Veteran Resources (NICE)	Career
2022	O*NET OnLine	Resources
2022	G.I. Jobs	Resources
2022	Veteran Readiness and Employment (VR&E)	Education
2022	National Centers of Academic Excellence in Cybersecurity (NSA)	Education
2022	Cyber Security Online Degree Programs	Education
2022	Scholarship For Service (SFS)	Scholarships
2022	Hiring Our Heroes (HOH)	Career
2022	VETS Transition Assistance Program	Career
2022	DOD SkillBridge	Career
2022	Candorful	Career
2022	Veterans and First Responders Training Initiative	Education
2022	Veterans technology education courses	Education
2022	Booz Allen’s Mil/Tech Workforce Initiative	Corporate
2022	VetSuccess Academy (SANS)	Education
2022	Fortinet Veterans Program	Corporate
2022	SCSVets	Education
2022	Georgia Cyber Center WorkForces Program	Education
2022	Outside the Wire	Education
2022	CyberVetsUSA (NCDIT)	Education
2022	CyberVET	Education
2022	CyberSkills2Work	Education
2022	Federal Virtual Training Environment (FedVTE)	Education
2022	National Initiative for Cybersecurity Careers and Studies (NICCS)	Resources

Vulnerability

Publisher	Year	Link	Tags
Veracode	2021	State of Software Security v12	DevOps
BeyondTrust	2020	BeyondTrust Microsoft Vulnerabilities Report 2020	Microsoft
IBM	2020	A Programmatic Approach to Vulnerability Management for Hybrid Multicloud
Cobalt	2019	The State of Pentesting 2019
Risk Based Security	2019	Year-end Vulnerability QuickView Report
Risk Based Security	2019	MidYear Vulnerability QuickView Report
Risk Based Security	2019	Year End Vulnerability QuickView Report
Risk Based Security	2018	Year End Vulnerability QuickView Report
Risk Based Security	2018	MidYear Vulnerability QuickView Report
Risk Based Security	2017	Year-end Vulnerability QuickView Report

Related Posts:

You missed

Technology Risk in the Private Equity World

A CISOs Guide to ESG

Cyber Resources For Veterans

The Evolving Game Of Cyber Insurance