On this page, you will find many of the metrics and statistical reports I use when discussing the state of information security. Many of the typical suspects are here – DDoS, Ransomware, SPAM, Insider Threats, and DevOps – all of the normal data points most of us look for. However, you’ll also find some outliers – the Market Size estimates, US Labor stats on industry size growth and salary ranges, and those ever-so-slightly esoteric statistics that seem to be impossible to find when you need them in a crunch.

Be forewarned, many of these sites will require you to provide your contact information before downloading the reports, however, depending on what you are looking for, it may be worth the price of admission.

As always, I encourage you to send me the ones you find useful and I’ll include them. Contact me here.

Table last updated on October 17, 2020

Hint: Shift-click to sort by multiple columns.

YearPublisherNameKeyword
2020BeyondtrustMicrosoft Vulnerabilities Report 2020Vulnerability
2020Bureau of Labor and Statistics (US)2020 United States Department of Labor Information Security StatisticsLeadership
2020NewCybersecurity Insiders2020 Threat Hunting ReportThreat, Breach, Risk
2020ESET ESET Threat Report Q2 2020Threat
2020ESET ESET Threat Report Q1 2020Threat
2020EYEY Global Information Security SurveyBreach, Leadership
2020Greathorn 2020 Email Security Benchmark ReportEmail, Phish
2020IBM 2020 Cost of Insider ThreatsInsider
2020IBM 2020 Cost of a Data Breach ReportBreach
2020IBM A Programmatic Approach to Vulnerability Management for Hybrid MulticloudVulnerability, Cloud
2020ISSA/ESGThe Impact of the COVID-19 Pandemic on CybersecurityLeadership, COVID
2020Kasperski Kasperski PublicationsThreat, DDoS, Breach, Malware, Email
2020KPMGOracle and KPMG Cloud Threat Report 2020Cloud
2020mimecast The State of Email Security 2020Email, Phish
2020nCipher 2020 Global Encryption Trends StudyEncryption
2020NewOrca Security2020 State of Virtual Appliance Security ReportVulnerability, Risk
2020Risk Based Security
2020 Mid Year Data Breach QuickView Report		Breach
2020Securonix2020 Insider Threat ReportInsider
2020Sonatype6th Annual State of the Software Supply Chain ReportSupply Chain
2020Statista Size of the cybersecurity market cap worldwideMarket
2020Synopsys2020 Open Source Security and Risk Analysis (OSSRA) ReportAppSec
2020TessianThe Psychology of Human Error 2020Breach
2020TessianThe State of Data Loss Prevention 2020Breach
2020Tripwire2020 Skills Gap SurveyLeadership
2020Trustwave2020 Trustwave Global Security ReportBreach, Email, Mobile
2020NewUnisys2020 Unisys Security IndexRisk
2020Veracode/ESGModern Application Development SecurityAppSec
2020Verizon2020 Data Breach Investigations ReportBreach
2020World Economic Forum2020 Global Risks ReportRisk
2020Yubico2020 State of Password and Authentication Security Behaviors ReportPassword
2019NewCobaltThe State of Pentesting 2019Vulnerability
2019NewNational Small Business Association2019 Technology and Small Business SurveyThreat, Risk, SMB
2019Akamai 2019 - State of the Internet Security ReportsDDoS, Breach, Cloud, Malware
2019Bureau of Labor and Statistics (US)2019 United States Department of Labor Information Security StatisticsLeadership
2019Symantec (Broadcom) 2019 - Annual Internet Security Threat Report (ISTR)DDoS, Breach, Cloud, Malware
2019Cloud Security Alliance2019 Top Threats to Cloud ComputingCloud
2019EY21st EY Global Information Security Survey (2018-2019)Breach, Leadership
2019Greathorn 2019 Email Security Trends, Challenges, and BenchmarksEmail, Phish
2019IBM 2019 Cost of a Data Breach ReportBreach
2019FBI/IC3 2019 Internet Crimes Report (ICR)
State reports: 2019 Internet Crimes Report (ICR) by State		Breach, Crime
2019ISC22019 Cybersecurity Workforce StudyLeadership
2019ISSA/ESG2019 Global Cybersecurity Skills StudyLeadership
2019KPMGOracle and KPMG Cloud Threat Report 2019Cloud
2019LastPass 2019 Annual Global Password Security ReportPassword
2019mimecast The State of Email Security 2019Email, Phish
2019nCipher 2019 Global Encryption Trends StudyEncryption
2019PwC2019 Digital Trust InsightsLeadership
2019radware 2019 C-Suite Perspectives: Trends in the Cyberattack Landscape, Security Threats and Business ImpactsLeadership
2019Risk Based Security
2019 Year-end Data Breach QuickView Report
Breach
2019Risk Based Security
2019 MidYear Data Breach QuickView Report
Breach
2019Risk Based Security
2019 Year-end Vulnerability QuickView Report
Vulnerability
2019Risk Based Security
2019 MidYear Vulnerability QuickView Report
Vulnerability
2019Sailpoint 2019 Identity ReportIdentity
2019Securonix2019 Insider Threat ReportInsider
2019Sonatype5th Annual State of the Software Supply Chain ReportSupply Chain
2019Trend Micro2019 Mobile Threat LandscapeMobile
2019Trend Micro2019 Cloud App Security ReportCloud, AppSec
2019Trustwave2019 Trustwave Global Security ReportBreach, Email, Mobile
2019NewUnisys2019 Unisys Security IndexRisk
2019Varonis2019 Global Data Risk ReportBreach, Malware, Insider
2019Verizon2019 Data Breach Investigations ReportBreach
2019World Economic Forum2019 Global Risks ReportRisk
2019Yubico2019 State of Password and Authentication Security Behaviors ReportPassword
2018Akamai 2018 - State of the Internet Security ReportsDDoS, Breach, Cloud, Malware
2018Bureau of Labor and Statistics (US)2018 United States Department of Labor Information Security StatisticsLeadership
2018Symantec (Broadcom) 2018 - Annual Internet Security Threat Report (ISTR)DDoS, Breach, Cloud, Malware
2018Cloud Security Alliance2018 Top Threats to Cloud ComputingCloud
2018EY20st EY Global Information Security Survey (2017-2018)Breach, Leadership
2018Greathorn 2018 Email Security Trends, Challenges, and BenchmarksEmail
2018IBM 2018 Cost of a Data Breach ReportBreach
2018FBI/IC3 2018 Internet Crimes Report (ICR)
State reports: 2018 Internet Crimes Report (ICR) by State		Breach, Crime
2018ISC22018 Cybersecurity Workforce StudyLeadership
2018ISSA/ESG2018 Global Cybersecurity Skills StudyLeadership
2018KPMGOracle and KPMG Cloud Threat Report 2018Cloud
2018LastPass 2018 Annual Global Password Security ReportPassword
2018mimecast The State of Email Security 2018Email, Phish
2018PwC2018 Digital Trust InsightsLeadership
2018radware 2018 C-Suite Perspectives: Trends in the Cyberattack Landscape, Security Threats and Business ImpactsLeadership
2018Risk Based Security
2018 Year-end Data Breach QuickView Report
Breach
2018Risk Based Security
2018 MidYear Data Breach QuickView Report
Breach
2018Risk Based Security
2018 Year-end Vulnerability QuickView Report
Vulnerability
2018Risk Based Security
2018 MidYear Vulnerability QuickView Report
Vulnerability
2018Sailpoint 2018 Identity ReportIdentity
2018Sonatype4th Annual State of the Software Supply Chain ReportSupply Chain
2018Trend Micro2018 Mobile Threat LandscapeMobile
2018Trend Micro2018 Cloud App Security ReportCloud, AppSec
2018Trustwave2018 Trustwave Global Security ReportBreach, Email, Mobile
2018Varonis2018 Global Data Risk ReportBreach, Malware, Insider
2018Verizon2018 Data Breach Investigations ReportBreach
2018World Economic Forum2018 Global Risks ReportRisk
2017Akamai 2017 - State of the Internet Security ReportsDDoS, Breach, Cloud, Malware
2017Symantec (Broadcom) 2017 - Annual Internet Security Threat Report (ISTR)DDoS, Breach, Cloud, Malware
2017Cloud Security Alliance2017 Top Threats to Cloud ComputingCloud
2017Greathorn 2017 Spear Phishing TrendsEmail, Phish
2017IBM 2017 Cost of a Data Breach ReportBreach
2017FBI/IC3 2017 Internet Crimes Report (ICR)
State reports: 2017 Internet Crimes Report (ICR) by State		Breach
2017ISC2Regional 2017 Benchmarking Workforce Study:
North America / Latin America / Asia Pacific
Europe, The Middle East and Africa

Leadership
2017ISSA/ESG2017 Global Cybersecurity Skills StudyLeadership
2017Risk Based Security
2017 Year-end Vulnerability QuickView Report
Vulnerability
2017Risk Based Security
2017 Year-end Data Breach QuickView Report
Breach
2017Sonatype3rd Annual State of the Software Supply Chain ReportSupply Chain
2017Trend Micro2017 Cloud App Security ReportCloud, AppSec
2017Trustwave2017 Trustwave Global Security ReportBreach, Email, Mobile
2017Varonis2017 Global Data Risk ReportBreach, Malware, Insider
2017Verizon2017 Data Breach Investigations ReportBreach
2017World Economic Forum2017 Global Risks ReportRisk
2016Akamai 2016 - State of the Internet Security ReportsDDoS, Breach, Cloud, Malware
2016Symantec (Broadcom) 2016 - Annual Internet Security Threat Report (ISTR)DDoS, Breach, Cloud, Malware
2016Cloud Security Alliance2016 Top Threats to Cloud ComputingCloud
2016FBI/IC3 2016 Internet Crimes Report (ICR)
State reports: 2016 Internet Crimes Report (ICR) by State		Breach
2016ISSA/ESG2016 Global Cybersecurity Skills Study Pt. 1
2016 Global Cybersecurity Skills Study Pt. 2		Leadership
2016Trustwave2016 Trustwave Global Security ReportBreach, Email, Mobile
2016World Economic Forum2016 Global Risks ReportRisk
2015ISC22015 Cybersecurity Workforce StudyLeadership
2015Trustwave2015 Trustwave Global Security ReportBreach, Email, Mobile
2015World Economic Forum2015 Global Risks ReportRisk

Copyright © 2002-2020 John Masserini. All rights reserved.

Copyright © 2020 Chronicles of a CISO OnePress theme by FameThemes