Cyber Threats: key insights from the best reports

The New Mafia: Gangs and Vigilantes - A guide to cybercrime for CEOs Malwarebytes - 17pgs - 7th December 2017
2,000% rise in Ransomware over last 2 years.
23% increase in all types of identified cybercrime attacks on businesses since 2016.
"Instead of closing gaps and filling holes, businesses have to turn offensive in the battle against cybercrime."
In the 1980s & 1990s, ‘Hacking’ transformed into criminal activity. In the 2000s, it piqued the interest of criminals & nations.
Cybercrime has emerged from a nascent threat to an endemic global phenomenon.
Threat Intelligence Report Nokia - data from the Nokia NetGuard Endpoint Security solution, protecting 100 million devices - 20 pgs - 13th Nov 2017
Cybercriminals are changing their focus from the Windows/PC ecosystem to smartphones and IoT devices.
0.68% of all mobile devices carry an infection identifiable by NetGuard Endpoint Security.
0.94% of Android devices carry an infection identifiable by NetGuard Endpoint Security.
The volume, velocity and variety of security data today is overwhelming security teams.
CyberArk - survey of 825 professionals in Security and DevOps - 8 pgs - 7th Nov 2017
Many organisations now have a fast-growing DevOps function, to achieve significant business and IT benefits.
Due to the dynamic nature of the DevOps function, key ‘secrets’ (like privileged account credentials) are copied and shared in multiple locations.
60% of DevOps staff store privileged account or admin passwords in a document on a company PC.
99% of the 825 professionals surveyed failed to identify all places such secrets are stored.
Cyber Resilience Report Redseal - interviews with 600 CISOs and CIOs in USA and UK - 3pgs - 3rd Nov 2017
55% of CISOs and CIOs say they can't react quickly enough to limit damage in the event of a major security incident.
54% of CISOs and CIOs say they lack the resources and tools they need.
Investigation: WannaCry Cyber attack and the NHS National Audit Office – 33 pgs – 27th October 2017
The NHS had not rehearsed for a national cyber attack, so it was not clear who should lead the response.
There was no clear relationship between vulnerability to the WannaCry attack and leadership in trusts.
The Department was warned about the risks of cyber attacks on the NHS a year before WannaCry but still failed to react.
Breach Insights Report Beazley - review of 2,013 cyber incidents in 2017 - 3 pgs - 24th Oct 2017
34% of data breaches caused by hacking and malware; 29% of data breaches caused by unintended disclosure.
A social engineering attack occurs when a hacker uses deception to manipulate individuals into divulging confidential or personal information.
Nine-fold rise in data breaches due to social engineering in 2017 compared to 2016.
Cyber Threat-Scape Report - Accenture - 56 pgs - 5 October 2017
Criminal marketplaces are profitable and tools are more accessible to all.
Destructive cyber-threat activity is becoming more common and attribution is getting harder
Although governments are trying hard to avoid future leaks, more exploit arsenals will be exposed in the coming years.
An increasingly lucrative criminal marketplace is driving differentiated criminal offerings, emboldening and enabling more actors with better capabilities.
Sensitive Data at Risk - Data Protection Survey SANS - survey of 257 IT and security administrators - 24 pgs - 30th September 2017
48% of breaches resulted in the exfiltration of sensitive data via an encrypted channel established by malware.
31% say lack of staffing and resources is the biggest obstacle to protecting sensitive data.
Europol (EC3) - "The Internet Organised Crime Threat Assessment" IOCTA – 2017 – 80pgs – 28th September 2017
Coercion and sexual extortion are increasingly being used to victimize children online.
USA remains one of the key destinations for cashing out counterfeit EU payment cards, along with Southeast Asia.
Most terrorist activity concerns the open internet; however there is a share of terrorist exchange in the Darknet too.
Malware developers are pushed to rely more on other infection methods, including spam botnets and social engineering.
Law enforcement is witnessing a transition into the use of secure apps and other services by criminals across all crime areas.
Cisco - 2017 Annual Cybersecurity Report - 110 pgs - September
The top constraints to adopting advanced security products and solutions, according to the benchmark study, are:
Budget (cited by 35% of the respondents), Product compatibility (28%), Certification (25%), and Talent (25%).
2017 Data Breach Investigations Report - 76 pgs - 14 Sept. 2017
81% of hacking-related breaches leveraged either stolen and/or weak passwords.
73% of breaches were financially motivated; 21% were for espionage.
75% of breaches are perpetrated by outsiders.
51% involved organised criminal groups.
The colossal Equifax data breach has hit 400,00 UK customers Mark Burgess – Wired – 18th September 2017
Equifax failed to treat either people’s data or the law surrounding it seriously.
A flaw in the American firm's systems left the data of a potential 143 million people exposed.
UK’s Information Commissioner’s Office is “pressing” Equifax on the “nature of the data breach”.
"[Equifax's] Safe Harbour certification suggests that it was not a process failure but a conscious choice."
Effective Ransomware Responses - 8 pgs - FireEye - 15 Sept. 2017
Most ransomware attacks target either the confidentiality or availability of data.
Ransomware operators have infected victims worldwide using their native languages.
Ransomware has primarily affected Windows operating systems, but recently it has affected other operating systems.
EU to beef up cybersecurity agency EUOBSERVER – Teffer – 13th September 2017
Europe faced 4,000 ransomware attacks per day in 2016.
Cyberattacks know no borders and no one is immune.
Jean-Claude Juncker's proposal to set up a European Cybersecurity Agency confirmed.
Government wants to remain in EU cyber security club after Brexit Scroxton – ComputerWeekly – 12th September 2017
Cyber security is a key element of protecting European security and values.
The UK is a world leader in cyber security and seeks to maintain its position.
Need for continuation of collaboration to promote conflict prevention, cooperation and stability in cyber space.
CyberSecurity across US Government Security Scorecard - analysis of security posture of 552 government bodies - 24 pgs - 24th August 2017
Government ranks 16th out of 18 sectors in the USA when it comes to protecting its computer systems from hackers.
Government performs particularly badly in four categories of security measurements: Endpoint Security, IP Reputation, and Patching Cadence.
Among large departments of Government, the IRS, Congressional Budget Office and FTC have the fewest vulnerabilities visible to hackers.
State of the Internet, 2017 Akamai – 27 pgs - 23rd August 2017
25% increase in total web application attacks since 2016
Gaming customers were targeted by 81% of all volumetric DDoS attacks.
U.S. retained the top position as both the source (112 million) and the target (218 million) of web application attacks.
Even the best, most rational, risk-driven decision made six months ago may no longer be appropriate today.
Patching is not a simple issue. Organizations make patching decisions based on risk and business priorities.
Patching has direct costs, such as staff and testing, and indirect costs, such as downtime.
Data Protection: Employer Obligations and Motivations General global assistance – White Paper – 24 pgs – 21st August 2017
In cybersecurity, the only certainty is change.
Vetting third-party vendors could prevent information leakage into the wrong hands.
Establishing a cyber security culture within a workplace eliminates the chances of a ‘human error’.
Employee data can be far more valuable than customer data.
Cyber security among charities: findings from qualitative research IPSOS MORI – Department for Digital, Culture Media & Sport – 29pgs – 21st August 2017
“At the moment cyber security is not a priority, but I do see it becoming a big one in two or three years. Now our turnover’s low...”
“Because of the way we're structured, it's very difficult to have somebody that really focuses on cyber security ...”
Some charities lack the knowledge and skills to pull together training themselves.
Lack of awareness of the notion of cyber insurance among charities.
Online Privacy Guide: How to Stay Safe on the Web Crace – 21st August 2017
Encryption minimises the risk of your data being stolen.
Employ two-factor authentication against password cracking.
FTSE 350 Cyber Governance Health Check Report 2017 HM Government – 28pgs – 21st August 2017
31% of Boards say they receive comprehensive and informative management information on cyber risk.
54% of Boards view cyber risk as a top risk when compared with all the risks faced by their company.
6% of Boards see themselves as completely prepared to meet the requirements of the GDPR.
68% of respondents have not received any training to deal with a cyber incident.
10% of Boards admit they do not have a plan to respond to a cyber incident.
Security Intelligence Report, 2017 Microsoft - data from over 600 million computers – 74 pgs – 18 August 2017
300% increase in user accounts attacked the past 12 months.
Over two-thirds of incoming attacks on Azure services in 1Q17 came from IP addresses in China (35.1%) and the U.S. (32.5%).
Trojans were the most commonly encountered category of malicious software in 1Q17 by a large margin, led by Win32/Xadupi.
About 8 % of RCE and EOP vulnerabilities were exploited within 30 days of the corresponding security update release.
Second Annual State of Ransomware Report: UK Survey Results Osterman Research – 23pgs –10th August 2017
14% of UK organisations admit they do not conduct ransomware security awareness training.
43% of UK companies paid their worst ransomware, vs 21% in USA, 17% in Germany and 16% in France.
For many UK-based organisations, the source of ransomware is unknown and higher than any country other than France.
71% of the UK-based organisations vs 75% globally see dealing with ransomware to be their highest priority but lack confidence in their abilities.
Downtime is the small business killer, not ransom demands.
Cyber attack landscape of 2017 Cyber Security Insider – 9th August 2017
2016 was one of the biggest years yet in cyber security terms.
The USA receives the most cyber attacks, followed by Germany, Netherlands and UK.
In the second half of 2016, the top five sources of activity were Russia, the Netherlands, the U.S., China and Germany.
Maintaining effective information security is a constant uphill struggle as you are never done.
Insider Threat Survey Dtex Systems – SANS - 23 pgs - 7th August 2017
Organizations are spending over $4.3 million to mitigate, address and resolve insider-related incidents.
Malicious insiders continue to be a top concern (40%), followed by negligent user (36%).
68% of enterprises believe they have never experienced an insider attack.
"For most, detecting and managing internal threats is a Herculean task because of all the unknowns associated with this attack vector. It's easier to focus on external threats," said Pramod Cherukumilli.
2017 Risk Value Report: Business Security – Always a Journey, Never a Destination NTT Security – White Paper – 12 pgs - 4th August 2017
33% of respondents don’t know where their data is physically stored.
Globally, only 40% of organisations believe that they will be subject to GDPR.
Just 39% of organisations in the U.K. currently identify GDPR as a compliance issue.
Outside Europe many organisations are failing to grasp how GDPR regulations will affect them.
Cyber Threats to SMEs in 2017 Webroot - online survey of 600 IT Decision-Makers at mid-sized businesses - 6 pgs - 1st August 2017
94% of medium sized businesses plan to increase their IT security budget, by an average of 12% this year.
96% of medium sized businesses say their organisations will be susceptible to external cybersecurity threats in 2017.
89% of medium sized businesses are confident they could successfully address and/or eliminate issues caused by a cyber attack.
Risk Index for Small & Medium Sized Businesses Zurich - survey of 1,087 decision makers from British SME businesses (less than 250 staff) - 1st August 2017
16% of UK SMEs have fallen victim to a cyber-attack in the last 12 months, equating to more than 875,000 nationwide.
Businesses in London are the worst affected with almost a quarter (23%) reporting that they have suffered a breach within this period.
Of the SME businesses that were affected, 21% reported the cyber attack cost them over £10,000, including 11% who said it cost over £50,000.
25% of medium sized businesses say they have been directly asked by a customer or prospect about what cyber security measures they have in place.
5% of SMEs claim to have gained an advantage over a competitor because of stronger cyber security credentials.
49% of SMEs plan to spend less than £1,000 on cyber security in the next 12 months.
Cybersecurity Trends for Managed Service Providers Webroot - Survey of 500 MSPs - 18 pgs - 28th July 2017
Nearly 90% of Managed Service Providers (MSPs) say their clients were hit by ransomware in last 12 months.
Nearly 70% of MSPs are not completely confident their clients’ endpoints are secure against future ransomware attacks.
Webroot has seen a 3,500% increase in cybercriminal internet infrastructure for launching attacks since January 2016.
12% of MSPs have paid Ransomware for their clients; 78% of MSPs say they never would.
Data Breach Trends, H1 2017 RiskBased Security - analysis of 2,227 breaches reported - 19 pgs - 27 July 2017
2,227 breaches reported in the first half of 2017, exposing over 6 billion records.
Breach of ‘DU Caller’ exposed over 2 billion records.
Web, the leading cause of records compromised (68.3%) in 2017, but only 7.1% of incidents reported so far this year.
41.6% of reported breaches were the result of Hacking, yet accounted for 30.6% of the exposed records.
121 breaches, or 5.4%, affected Third Parties.
Black Hat 2017 Hacker Survey Report Thycotic – 6pgs – 27th July 2017
The ‘human factor’ is to blame for the majority of the security breaches (85%).
Hackers cite “remembering and changing passwords” as the biggest source of cyber fatigue.
73% of the respondents see traditional perimeter security firewalls and antivirus as irrelevant and obsolete.
Nearly 10,000 Vulnerabilities Disclosed so far in 2017 – Major vendors continue to be affected Risk Based Security – 26th July 2017
Large number of unreported vulnerabilities makes PCI compliance problematic.
Midyear Cybersecurity Report Cisco - 90 Pgs - 20th July 2017
20% of 300 companies surveyed by Cisco were infected by Spyware.
US$1 billion raised by criminals through Ransomware exploits in 2016.
$5.3 billion was stolen through "business email compromise" between October 2013 and December 2016.
6% of end users per cloud platform have privileged user accounts, which generates risk as only about 1% need them.
28% of IT experts at Medium Sized Businesses doubt the viability of their disaster recovery and business continuity plans.
Trends in Encryption and Data Security: Retail Edition 2017 Thales Data Threat Report – 16pgs – 20 July 2017
80% of global retail organisations deploy new technologies such as cloud, big data, IoT.
19% of U.S. retail organizations feel very or extremely vulnerable, vs 39% of retail organizations globally.
Compliance remains the number one reason for spending on security globally (44%).
At Mid-Year, U.S. Data Breaches Increase at Record Pace ITRC – 18th July 2017
The business sector continues to top the list at 54.7% of the total breaches, followed by the healthcare/medical industry at 22.6%.
The exposure of credit/debit cards in the first half of 2017 rose slightly over 2016 figures, at 12.6 % and 9.6% respectively.
Bad news for consumers: cyber criminals intent on stealing their Social Security numbers, the most effective route to identity theft.
Counting the cost – cyber exposure exposed Lloyd’s of London and Cyence, input from over 50 experts, 56 pgs, 17th July 2017
Lloyd’s estimates insurers will receive $3bn to $3.5bn in premiums for cyber insurance in 2017, with 85% of that paid in the USA.
$53bn direct losses could be suffered by businesses if a major cloud service provider (eg Amazon, Microsoft, IBM) suffered an extreme outage.
Successful attacks on popular hypervisor software used by cloud service providers could result in cascading outages & significant losses.
Troops, Trolls and Troublemakers: A global inventory of organised social media manipulation Computational Propaganda Research Project – Oxford University – 37pgs – 14th July 2017
Governments have their own in-house teams tasked with influencing public opinion.
Fake accounts are “bots” or bits of code designed to interact with and mimic human users.
Cyber troop teams are highly structured with clearly assigned duties and a reporting hierarchy.
Cyber troops engage in a wide range of activities, from politology to research and development.
Major governments and political parties make use of social media for public opinion manipulation.
Organised social media manipulation occurs in many countries around the world.
Analysis: How data breaches affect stock market share prices Information Security – 11th July 2017
E-commerce and social media companies experience the long term share price drop.
Larger breaches had less of an impact on share price than smaller breaches.
The sensitivity of breached data had a less clear impact on share price in the long term.
Quarterly Report on Cyber Attacks on UK Firms Beaming - Analysis of 1 pg - 6th July 2017
52% increase in number of internet-borne attacks on UK firms, in Q2 2017 vs Q2 2016
105 attempts per day by hackers to take control of database applications at each average UK firm
UK firms were, on average, subjected to almost 65,000 internet-borne cyber attacks each in the three months to June.
The Impact of a Security Breach Dark Reading - Survey of 330 IT security professionals at companies with >100 staff - 25 pgs - 30 June 2017
18% suffered from intellectual property theft or compromise of information confidentiality in the past year.
25% suffered direct financial losses due to an attack or breach in the past 12 months.
55% experienced phishing-initiated breaches in the past 12 months.
65% fell victim to malware-related breaches in the past 12 months.
Cyber Resilience Report Business Continuity Institute (BCI) – Report – 33pgs – 27th June 2017
33% of organisations with a business continuity professional suffered cyber disruptions costing > €50,000
60% of organisations have top management committed to cyber defences (up from 55% last year)
57% of organisations say Phishing & Social Engineering are the top driver of cyber disruption
23% of organisations involve their Business Continuity teams in cyber resilience issues
Reputation management remains a key driver in pushing the cyber resilience agenda
Sensitive Data in SharePoint and other Collaboration Tools Ponemon - survey of 1,043 IT security professionals in Germany, UK and USA - 49 pgs - 25th May 2017
79% don't have very effective tools for protecting sensitive content
68% don't have sufficient visibility of where sensitive data is located
PhishMe Malware Review 2017 PhishMe - analysis of 10,000 unique malware samples - 20 pgs - 6th June 2017
69% increase in botnet activity, which can facilitate a lengthy espionage operation
WannaCry was the “atom bomb of ransomware” worming malware
Know the Odds - Cost of a Data Breach Ponemon - 1 pg - 20th June 2017
28% chance of suffering a material data breach, vs 0.5% chance of dating a millionaire
An experienced incident response team can help you quickly identify and contain a cyber attack
Be prepared to provide responders with logs & tools to help them understand what happened
Be prepared to quickly execute a reset of all passwords and service accounts
Cost of Data Breach - Annual Study Ponemon - interviews of 419 organisations in 11 countries - 35 pgs - 20th June 2017
28% chance of businesses suffering a material data breach in next 24 months
14% reduction in total cost of a breach if companies have good incident response
$225 per lost record is average cost of breach in USA, vs $123 in UK and $64 in India
47% of breaches are caused by criminal or malicious activity; 28% by human error; 25% by system glitch
$380 per lost record is average cost of breach in healthcare, vs $150 in communications & $71 in public sector
National Exposure Index for cyber risk Rapid7, study of percentage of internet servers that are insecure – 39 pgs – 14th June 2017
Belgium hugely reduced its cyber exposure in last 12 months, through national leadership efforts
In the worst 10 countries (e.g. Australia, Ireland) 5% of internet servers are insecure
The Russian Federation and China are among the top 50 most exposed nations
United States and China are leaders in providing internet services to the globe
In the best countries, less than 1% of internet servers are insecure
2017 User Risk Report: Results of an international cybersecurity awareness survey WOMBAT (security technologies) – 16 pgs – 13th June 2017
US employees outpaced the UK nearly 2-to-1 in the misuse of corporate devices (71% vs 39%)
58% of US employees believe that their anti-virus software could save them from an attack
38% of US employees are using a password manager vs 10% in the UK
UK employees to leave their smartphones and tablets totally unprotected
54% believe that a trusted location = trusted WiFi
Rethink Security: A massive paradigm shift in the age of access Centrify – ebook – 36 pgs – 12th June 2017
Over $75B spent on cyber security last year to protect important assets
Cybercrime related damage costs are expected to exceed $6 Trillion annually by 2021
2/3 of all recent confirmed data breaches involved weak, default or stolen passwords
80% of security breaches involve privileged credential misuse
An average of 165,000 records are compromised every hour
Financial Infrastructure Report Riksbanken - Sweden's Central Bank - 22 pgs - 7th June 2017
A comprehensive cyber attack could result in central financial services becoming unavailable.
Even an insignificant part of operations that has been outsourced can become a target for cyberattacks.
Cyber attack against an important external supplier of IT services could put critical IT systems out of action for several banks.
The Current State of Enterprise Endpoint Security Duo - review of security on 4.6 million computer endpoints, e.g. smart phones - 53 pgs - 5th June 2017
62% of phishing campaigns captured at least one credential and 68% had at least one out-of-date device.
53% of devices are running out-of-date Adobe Flash software, leaving them open to devastating attacks.
The majority of phishing cases feature phishing as a means to install persistent malware.
5% of mobile devices are "jailbroken" ("rooted") which opens them to malware attacks.
Hacking UK Trident nuclear systems BASIC (British American Security Information Council) - 38 pgs - 2nd June 2017
80% of global cyber attacks originate from social engineering and spear phishing
Cyber warfare: a vital part of conventional warfare and a new military domain
A cyber attack on a submarine may be a part of a multidimensional attack
UK nuclear weapons’ cyber vulnerabilities and challenges are immense
Breach Impact Study Ponemon, survey of 1,010 IT managers – Marketeers and Consumers – 31st May 2017
A data breach is one of the top three negative effects on brand reputation
61% of CMOs believe the biggest cost of a security incident is the loss of brand value
5% immediate stock price decline following the disclosure of a data breach
79% of consumers believe organisations have an obligation to control access to their information
70% of IT practitioners do not believe their companies have a high level of ability to prevent breaches
Modelling the cyber (insurance) gap Novae Insurance, study with Oxford University, 7 pgs, 17th May 2017
Oxford University have modelled relationships between risk controls, assets, and cyber harm
78% of UK organisations are not fully confident they can recover after a cyber disruption
40% of SMEs don’t back up their data at all and 60% of business data held on PC does not get regularly backed up
Data loss and downtime cost enterprises over $1.7 trillion round the globe
51% of organisations lack a disaster recovery plan
Akamai’s [state of the internet] / security Akamai - Report 80 pgs - 16th May 2017
28% increase in SQLi attacks in the last year
35% increase in total web application attacks in the last year
57% increase in web application attacks coming from the USA in the last year
UK Firms sleepwalking into cyber attack chaos Lockton - Survey of 200 CFOs, CROs and CIOs - 1 page - 15th May 2017
27% of firms fail to ensure their staff know how to deal with a cyber breach
60% of UK firms “think” they are well-prepared for cyber threats, despite being dangerously exposed
Only 50% of UK businesses involve the Board in cyber-breach planning
Just 8% of UK companies use hacking detection methods every day
26% of companies do not fail to “cyber” educate new staff
Half of UK firms claim their broker fails to discuss cyber CFC - research method not explained by author - 1 page - 8th May 2017
90% of cyber claims come from businesses with less than £50 million in revenue
50.8% of SMEs say that their insurance broker has not raised the issue of cyber insurance with them
56% do not have an incident response plan in place outlining roles and responsibilities in the event of a cyber attack.
UK Annual Statistics on Data Protection reports ICO - the UK Information Commissioner's Office - key statistics - 15th May 2017
ICO becoming slower, with 18% decrease in percentage of concerns addressed in 30 days, from 50% (2015/16) to 32% (2016/7)
80% of breaches reported to ICO come from the sectors required to report to ICO: health (41%) & telecoms (39%)
31.5% increase in data breaches reported by UK organisations to ICO over last 12 months, to 2,565
12% increase in the number of concerns received from the public over last 12 months
0.7% of organisations that reported a breach are fined, while 3% are given an Improvement Action Plan
Today's security is not secure Centrify – infographic – 1 pg – 15th May 2017
90% of all organisations are moving to the cloud
200 Billion IoT devices will need to be secured by 2020
$2.1 trillion is the projected cost of data breaches by 2019
An average of 166,000 records are lost or stolen every hour
66% of organisations experience an average of 5 or more security breaches
Worldwide DDoS Attacks & Cyber Insights Research Report NeuStar Security Solutions – 52 pgs – 5th May 2017
40% of respondents learned of an attack on their network from their customers
90% of companies are investing more in DDoS-specific defences than they did 12 months ago.
63% of all respondents indicated that the average peak hourly revenue loss was greater than $100,000
Your employees won’t protect you Glasswall – 10 pgs – 4th May 2017
Conventional antivirus and sandboxing solutions are no longer effective.
Relying on the vigilance of employees leaves a business open to devastating cyber-attacks.
94% of cyber attacks use what seems a legitimate email, Word files, Excel, PDF or PowerPoint.
In the US and UK, data-theft is the most commonly feared consequence of an attack.
Global Threat Intelligence Report Dimension Data - includes analysis of over 6.2 billion cyber attacks - 36 pgs - 4th May 2017
73% of malware that entered organisations came through phishing attacks
68% of organisations have no formal plan for (technical) incident response
47% of cyber vulnerabilities at organisations are more than 3 years old
USD 67,000 is the average cost of a business email compromise
USD 700 is the average cost of a ransomware incident
2017 Internet Security Threat Report Symantec - Data from 98 million sensors in 158 countries - 77 pgs - April 2017
266% increase in average ransomware demand over last 12 months, now at $1,077, vs $294.
237% increase in types of ransomware over last 12 months, now at 101, vs 30.
76% of websites have vulnerabilities, including 9% with critical vulnerabilities.
1 in every 131 emails sent worldwide is malicious.
2017 Thales Data Threat Report Thales - Report - 20 pgs - 2017
68% of respondents have experienced a breach, with 26% experiencing a breach in the last 12 months
73% of organizations have increased IT security spending in last 12 months, up from 58% in previous year.
European Cyber Security Perspectives KPN - report 68 pages - 11 May 2017
The threat to reliability, integrity and availability has never been this alarming.
Vulnerabilities in our information security lead to global instability.
The Realist's Guide to Practical Endpoint Protection F-Secure - Report - 24 pgs
A hands-on guide to fighting emerging cyber security threats like ransomware.
Many organizations think they’re protected because they comply with cyber security regulations. The truth is, compliance is not enough.
Humanizing Cybersecurity Article - The CyberSecurity Place - Aaron Tam
* Cybersecurity should be built around humans instead of devices or objects
* Deliver better customer experience and more tangible benefits rather than focusing on products
* Cybersecurity should be seen as something integral to our modern life. After all, cybersecurity is all about securing, protecting and connecting our need of technology in a more seamless manner.
CYBER SECURITY: ARE WE BARKING UP THE WRONG TREE? Article - Cyber Security Review - Ken Soh - The Good Hackers Alliance
Malware that crashes hard disks and slows down desktop operations is common today and acts by stealth.
Telstra Cyber Security Report Telstra - survey of 360 IT decision makers - 52 pages - May 2017
30% of Australian organisations that suffered a ransomware incident and paid the ransom did not recover their files (pg 18)
26% of Australian executives say the CEO is responsible for cyber security; 19% say it's the CIO's job (pg 11)
23% of Australian businesses have conducted a cyber attack rehearsal (pg 12)
23% of Australian businesses have estimated the value of their data (pg 12)
7% of Australian Directors say cyber security is not at all important (pg 9)
Cyber threat to UK business National Cyber Security Centre & National Crime Agency - report 24 pgs - April 2017
Cyber Threat to UK business is significant and rising
Cyber Insurance, Privacy and Data Security Newsletter DAC Beachcroft - May Newsletter
"Significant and growing" risk of cyber threats, as outlined by a recent report by the National Crime Agency.
Warning of increased risk related to Industrial Connected Devices; Internet of Things and Botnets.
Cyber crime is becoming "more aggressive and confrontational".
JOINT COMMITTEE REPORT ON RISKS AND VULNERABILITIES IN THE EU FINANCIAL SYSTEM Joint Committee of the European Supervisory Authorities - Report 16 pgs - 26 April 2017
Blockchain poses an increasing risk to Europe’s financial system
Inadequate IT governance can contribute to poor operational management practices
"Supervisors should consider to further assess the resilience of financial institutions to cyber security and ICT risks."
2017 Data Breach Investigations Report Verizon annual survey Data Breach Investigations Report (DBIR) April 27, 2017.
81% of hacking-related breaches leveraged either stolen and/or weak passwords.
75% of breaches perpetrated by outsiders.
73% of breaches were financially motivated.
62% of breaches featured hacking.
Cyber Security Breaches Survey 2017 HMG (UK Government) + University of Portsmouth: survey of 1,500 businesses - April 2017
66% of medium sized businesses "experienced a cyber security breach or attack" in the last year (Fig 5.1, pg 39)
57% of those companies have been materially impacted, eg 4% suffered reputational damage (Fig 5.5, pg 44)
3.8 days is the average time taken by medium sized businesses to deal with a breach (Table 5.2, pg 45)
19% of companies that suffered breaches or attacks reported the most disruptive one to the Police (Fig 6.4, pg 53)
8% of all UK businesses are aware of Cyber Essentials scheme, including 18% of medium firms and 28% of large firms (Fig 3.3, pg 13)
Why computers will never be safe Economist Magazine - Leader Page - April 2017
The incentives for software firms to take security seriously are too weak.
The risks posed by bugs and hacking are large and growing.
Computer security is a contradiction in terms.
The problem is about to get worse.
Phishing For Funds (BEC) Keith Turpin - CISO, UWA - 33 pgs - 10th March 2017
In 1 ½ years there has been a 1,300% increase in reported losses.
22,000 victims have lost $3 billion.
Cyber Threat Defense Report Imperva - Cyber Edge - Survey of 1,100 IT Security decision makers - 37 pgs - 8th March 2017
33% of Ransomware victims paid the ransom, equal to 20% of all 1,100 surveyed
34% are confident they can monitor what their Privileged Users do online
Low security awareness among staff is the main concern among respondents
Likelihood of a breach Forrester, survey of 203 IT decision makers – 16 pgs – 28th February 2017
49% of Level 4 firms are likely to never experience a security breach across six key areas vs 32% of Level 1 firms
Level 4 firms experience about 50% fewer breaches than Level 1 firms
Level 4 firms average $5 million in cost savings
Level 1 firms endure $5,184,600 more in costs than Level 4 firms
Level 1 firms experience 90% fewer benefits than Level 4 firms
The Currency of Trust CapGemini - survey of 180 security professionals + 7,600 consumers - 24 pgs - February 2017
21% of retail banks and insurers are highly confident that they can detect a cybersecurity breach.
29% of retail banks and insurers offer both strong data privacy practices and a sound security strategy.
26% of these institutions have been hacked, vs 3% of consumers who believe their bank or insurer has ever been breached.
74% of consumers [say they] would switch their bank or insurer in the event of a data breach.
85% of consumers want to be notified within one day of a breach.
Annual Cybersecurity Report 2017 Cisco - Survey of 2,912 security professionals - 110 pgs - 31 Jan 2017
The cost of a public data breach is ">20% of business opportunity" according to 42% of security professionals.
56% of security alerts are investigated at average organisations. Of investigated alerts, half are "legitimate."
44% of "legitimate" security alerts are remediated at the average organisation.
65% of all email is spam, with about 9% of spam being malicious.
After a public breach, 29% of organizations lost revenue, including 22% that lost customers (pg 57).

Three leading exploit kits disappeared from the landscape in 2016, creating an opening for new threats - Executive summary
Data Breach Report ITRC (Identity Theft Resource Center) - Details 1,093 publicly reported data breaches in USA - 19th Jan 2017
40% increase in the number of publicly reported data breaches in USA: 1,093 in 2016 vs 780 in 2015.
106% increase in number of reported data breaches caused by hackers: 607 in 2016 vs 295 in 2015.
55.5% of data breaches reported in 2016 were caused by hackers (including skimming & phishing).
GRIZZLY STEPPE – Russian Malicious Cyber Activity NCCIC & FBI - 13 pgs - 29th December 2016
Report details the tools and infrastructure used by Russians to compromise networks associated with the U.S. election.
APT28 leverages domains that mimic those of targeted organizations and tricks victims into entering legitimate credentials.
APT29 crafts targeted spearphishing campaigns leveraging web links to a malicious dropper that delivers Remote Access Tools (RATs).
Actors likely associated with Russian Intelligence are continuing to engage in spearphishing campaigns.
Indicators of Compromise and recommended Mitigations are detailed.
Microsoft Security Intelligence Report Microsoft - 19 pgs - 14th December 2016
20.6% of computers worldwide that give feedback to Microsoft encountered threats that were not blocked by their web browser.
Microsoft's Malicious Software Removal Tool (MSRT) identified a highly prevalent or serious threat on 1% of reporting computers.
Ransomware was detected by Microsoft on 0.82% of computers in Italy, and 0.74% in Bulgaria (the worst 2 countries worldwide).
According to Microsoft, 27% of computers that still use Windows Vista do not have any real-time security running on them.
Security of Mobile Payments and Digital Wallets ENISA - 47 pgs - 19th December 2016.
Report aims to help mobile payment providers ensure consumers & retailers are safeguarded from cyber threats.
Quotes ISACA survey of 900 mobile cybersecurity experts:
Reviews security features of Apple Pay, Google Pay, Samsung Pay.
ENISA identifies 8 key threat areas and makes 4 recommendations.
Securing Smart Airports ENISA - Interviews with 20 organisations in 8 countries - 84 pgs - 16th December 2016
Most critical information assets held by airports: passenger check-in (38%); baggage handling (38%); CIPPS (31%); ATM (31%).
This report details three attack scenarios (e-Tickets; Baggage Handling; Drone Intercept) and their cascading effects.
This report details 8 main gaps in relation to cyber security in smart airports, and offers 8 recommendations.
Yahoo announces largest breach in history (again) 14th December 2016 - Data shown on "Information is beautiful"
Breach of 1 billion accounts included Passwords, Secret Questions, DOBs, Names and Phone Numbers.
Breach occurred 5 years after warning that Yahoo's MD5 password hashing is "broken and unsuitable for further use."
Yahoo responds: "We have invested more than $250 million in security initiatives across the company since 2012."
Yahoo added "we have a deep understanding of threats and strive to stay ahead to keep our users and our platforms secure."
Cyber security incidents reported to UK's ICO ICO - Information Commissioner's Office - 5th December 2016
46% increase over last 3 months in cyber security incidents reported in UK to ICO
54% increase over last 3 months in cyber exfiltration incidents (where hacker extracts data)
Cyber Security & Intelligent Mobility Transport Systems Catapult (TSC) - over 54 organisations interviewed - 44 pgs - 24th November 2016
Cyber Security issues faced by Transport will not simply be an acceleration of the current constant, with more cyber-attacks.
80% of security & mobility professionals identify autonomous vehicles as a major cyber security issue.
In excess of 250 million connected vehicles will be on the roads globally by 2020.
"A rogue actor seizing control of a fleet of vehicles does not bear thinking about."
"Many IoT products are being released without even basic security protocols in place."
The UK government has classified its transport network as one of its 13 critical national infrastructures.
Cyber Insurance Claims Study NetDiligence - sampling of 176 cyber liability insurance claims - 56 pgs - 17th October 2016
The average (mean) total breach cost was $665K, with an average (mean) payout for Crisis Services of $357K.
The typical (median) breach cost was $60K, including a typical (median) cost for Crisis Services of $43K, including $16K on legal.
The average (mean) payout from cyber insurance is $495K (74% of cost), with typical (median) payout $49K (82% of cost).
Cause of the Loss covered by Cyber Insurance reported as: Hackers (23%); Malware (21%); Lost Device (13%); Staff Mistake (9%).
Uncovering hidden threats within encrypted traffic Ponemon Institute - Sponsored by A10 - International survey of 1,023 IT & Security Practitioners - 16 pgs - 30th August 2016
Nearly half of cyber attacks used malware hidden in encrypted traffic to evade detection.
75% of IT experts admit malware could steal employee credentials from their networks.
A surprising outcome of the growing use of encryption technology is an increase in cyber attacks.
Encryption that protects sensitive data can allow malware hidden inside encrypted traffic to pass uninspected into an organization.
Cost of cyber incidents affecting CIIs ENISA - 32 pgs - Review of 17 studies of cost of cyber-security incidents on Critical Information Infrastructures - 5th August 2016
"Measuring real impact of cyber incidents in terms of the costs needed for full recovery proved to be quite a challenging task."
A large majority of organisations still have not implemented basic security controls against cyber attacks.
DoS/DDoS and malicious insiders constitute approximately half the annualized cost of all cybercrime.
It is estimated that cyber-attacks against oil and gas infrastructures will cost $1.87 billion by 2018.
The financial loss from cyber incidents reaches up to 1.6% of GDP in some EU countries.
Cyber-attacks affecting IoT and similar infrastructures are increasing dramatically.
Are Data Breaches Becoming More Common? Motherboard - 1 pg - 28th July 2016
Dumps of databases of breached personal information appear to be increasing over 50% per year
The 2016 State of Privileged Account Management Report Thycotic - Survey of over 500 IT security professionals - 35 pgs - 25th July 2016
76.5% of organisations say Privileged Account Management security is a high priority.
67.2% of organisations allow a single approver to create a new Privileged Account.
39.8% of organisations use the same security for Privileged Accounts as Standard Accounts.
17.8% of organisations have not changed the default passwords on Privileged Accounts for some of their systems.
UK Crime Rate set to double after true scale of internet offences laid bare The Guardian - 1 page summary of Office for National Statistics report - 21 July 2016
One in 10 people in England and Wales have been a victim of cybercrime in the past year, first official figures show.
5.8m incidents of cybercrime in the UK in the last year according to ONS estimate.
These figures include online shopping scams, virus attacks, theft of bank details and other online offences.
2m computer misuse offences include 1.4m virus attacks plus 0.6m hacks of personal information.
Law firms’ cyber fraud losses up 40% in a year Hazelwoods - 1 pg - 20th July 2016
UK law firms’ losses to cyber fraud have jumped by 40% in the last year alone as the costs of email hacking continue to rise.
Cyber frauds at UK law firms in the six months from November 2015 to April 2016 totalled £2.53 million.
Law firms expected to repay lost client funds immediately.
Ransomware and Businesses 2016 Symantec - 30 pgs - 19th July 2016
$679 is the average Ransomware demand - more than double the $294 at the end of 2015. Highest demand is $5,083.
31% of Ransomware attacks are in USA, followed by Italy, Japan, NL, DM, UK, Canada, Belgium, India & Australia.
57% of Ransomware attacks are on Consumers. Among businesses, Services & Manufacturing suffer half of attacks.
Keep security software, operating system & other software up to date, delete suspicious email, back-up data.
Security Beyond the Traditional Perimeter Ponemon - BrandProtect - interviews with 591 IT and IT security practitioners in the United States - 5 pgs - 18th July 2016
External threats include social engineering, impersonations, ransomware, malware, rogue social domain activity and hacktivism.
The assets that executives believe external threats put at risk: Reputation (60%), Revenue (52%), Employee Safety (47%).
79% of respondents have inadequate security processes for monitoring social media and the internet for external threats.
62% of respondents say external threats are harder to detect than internal threats.
$3.5 million is average spend to deal with each external attack.
Mapping the CyberSecurity Landscape Ward Solutions - Survey of 133 senior IT professionals in Ireland - 16 pgs - 15th July 2016
46% of Irish companies would not disclose a data breach to impacted third parties.
26% of Irish companies have not planned for potential data breaches.
23% of Irish companies don’t have policies or controls in place when it comes to third-party access to data.
79% of Irish companies invest in IT security more for reasons of "Compliance" than to "Reduce Security Risks"
52% rise in young identity fraud victims in the UK Cifas (the UK’s leading fraud prevention service) - data on confirmed fraud cases from 261 member organisations - 5th July 2016
57% increase in confirmed Identity Fraud cases in UK, to 148,463.
86% of all identity frauds in 2015 were perpetrated online.
Video shows Social Media risks:
Taking the Offensive - Working together to disrupt digital crime BT & KPMG - 33 pgs - 4th July 2016
Gartner estimates that spending on digital security in 2015 was $75bn.
A DDoS attack costs just $5 per hour to mount but more than $40,000 an hour to defend against.
22% of companies say they are fully prepared to combat security breaches perpetrated by organised crime.
The internet economy is estimated to be about $4.2 trillion, but digital crime currently costs the world in the region of $400 billion.
2016 State of Cybersecurity in SMBs Ponemon - 30 pgs - 30th June 2016
14% of SMBs (Small & Medium Sized Businesses) rate their ability to mitigate cyber attacks as highly effective.
59% of SMBs say they have no visibility into employees' password practices and hygiene.
65% of SMBs do not strictly enforce their documented password policies.
Cyber Resilience Report 2016 Business Continuity Institute (BCI) - 369 respondents in 61 countries - 29th June 2016
Top causes of Cyber Disruption: 61% Phishing, 45% Malware, 37% Spear Phishing, 24% Denial of Service, 21% Old Software.
Some respondents cited that they only came to know about a disruption through law enforcement & the media.
19% of respondents report it takes over 4 hours for their organisation to respond to a cyber incident.
7% of respondents estimated the cumulative cost of cyber incidents at over €250k.
66% of respondents report at least 1 cyber incident in last 12 months.
CyberSecurity and the M&A Due Diligence process NYSE Governance & Veracode - Survey of 276 Directors - 8 pgs - 30th June 2016
78% of deal makers didn’t specifically quantify cybersecurity risk in their M&A due diligence processes in 2015.
74% of directors claim a high profile breach would significantly lower the valuation of an acquisition, or stop it completely.
31% of Directors say the discovery of major security vulnerabilities would "very likely" affect an acquisition or merger.
Assessing the risk of the expanded security perimeter created by adding web applications of acquired company.
Perimeter assessments by Veracode identified nearly 40% more applications than their owners were aware of.
Security & the C-Suite Radware - survey of 205 IT executives - 19 pgs - 28th June 2016
91% of British Executives say they won't pay cyber ransom, but 64% do pay when attacked.
29% of Executives say IoT devices are extremely likely to be top avenues for cyber attacks.
Companies that paid cyber ransoms reported an average of $7,500 in the U.S. and £22,000 in the U.K.
Board-level concerns about cyber attacks: damage to brand (34%), operations (31%), revenues (30%), productivity (24%).
Cost of Data Breach Ponemon - IBM - 32 pgs - Study of 383 companies in 12 countries - 15th June 2016
Mean Time to Identify a breach = 201 days (range = 20 to 569). Then Mean Time to Contain = 70 days (range of 11 to 126).
48% of breaches in this study caused by malicious or criminal attacks, 27% by "system glitch," 25% by human error.
$4 million is the average total cost of data breach (up 29% since 2013): more in Healthcare, Education & Finance.
Abnormal churn following a breach ranges from 6.2% in Finance and 5.3% in Health to 0.1% in Public Sector.
Probability of a data breach in next 12 months involving a minimum of 10,000 records = 25.6%.
Cost is reduced most by: Incident Response Team (-10%), Encryption (-8%), Training (-6%).
$158 is the average cost per lost or stolen record (up 15% since 2013).
£1bn lost by UK businesses to online crime in a year Get Safe Online & Action Fraud - Crimes reported to the NFIB - published 13th June 2016
22% increase in number of online crimes reported, at 37,070 in last year.
66% increase in Mandate Fraud (when fraudster gets victims to change a direct debit or standing order): 2,323 crimes reported.
Other types of fraud which have spiralled are CEO Fraud and extortion (RansomWare).
Hacking is one of the most widely reported types of fraud in the past 12 months, with 1,314 reported cases.
Cyber Resilience - How to protect small firms Federation of Small Businesses - Questionnaire completed by 1,006 respondents in UK - 10th June 2016
66% of small businesses have been a victim of at least one cyber crime in the last 2 years.
Phishing & Spear Phishing are the most common cyber attacks, experienced by 49% & 37% of small businesses.
The highest incidence of Phishing is suffered in the arts, entertainment and recreation sector.
The average cost of cyber crime to small businesses is just under £3,000.
State of the Internet Akamai - 10 pgs - 7th June 2016
125% increase in total DDoS attacks in last year, (including 138% increase in mega attacks over 100 Gigabytes per second).
26% increase in Web Application Attacks in last year, (including 236% increase in web application attacks over HTTPS).
Symantec Monthly Threat Report Symantec - Global Intelligence Network (GIN) - 3rd June 2016
1 in every 2 emails is spam.
1 in every 134 emails links to malware.
1 in every 2,284 emails is phishing.
Phishing Activity Trends Report APWG - 23rd May 2016
250% surge in unique Phishing websites detected over last 6 months.
123,555 unique Phishing sites identified in March 2016.
42% of Phishing attacks target the Retail & Services sector.
18% of Phishing attacks target the Financial Services sector.
51% of PCs in China are infected with Malware, 23% in UK, 20% in Sweden.
Managing Insider Risk through Training & Culture Ponemon survey of 601 individuals in companies with data protection and privacy training - 23rd May 2016
60% of companies believe employees are not knowledgeable about the company’s security risks.
49% of companies that offer data protection training include Phishing in the course.
46% of companies that offer data protection training make it mandatory.
43% of companies that offer data protection training provide only one basic course.
35% of companies have leaders who prioritise training staff about data security risks.
29% of companies with mandatory data protection training give an exception to CEOs.
Users really do plug in USB Drives they find IEEE Security and Privacy Symposium - Universities of Illinois & Michigan + Google - 14 pgs - 23rd May 2016
48% of the USB drives dropped randomly were picked up, plugged in, and clicked on by users.
USB Drives marked "Confidential" were more likely to be opened than those marked with an owner's return label.
No difference between the demography, security knowledge and education of the users who plugged in USB drives.
This research raises the question of the effectiveness of security education at preventing breaches.
Timeline of Disruption HPE - Hewlett Packard Enterprise - Infographic - May 2016
55 years after Passwords were introduced on computers, 33% of companies still allow weak ones.
41 years after Encryption was introduced on computers, 35% of organisations still don't use it.
117 million LinkedIn Passwords for sale Motherboard - report of sale by Hacker called "Peace" - 18 May 2016
Details actions taken today by LinkedIn's CISO, about these passwords stolen in 2012
Cyber and The City TheCityUK and Marsh - 36 pgs - 17th May 2016
Includes map of the 31 organisations fighting cyber threats to Financial Services in the UK.
"Surveys say average annual cost of cyber crime to large firms is £1.5m – £3m, but this is likely to be far short of the actual cost."
Recommended Check-List for Board: #1 - The main cyber threats for the firm have been identified and sized.
Recommended Check-List for Board: #8 - Preparations have been made to respond to a successful cyber attack.
"We propose that the financial sector sets up a Cyber Forum comprising a steering group of Board level cyber risk owners."
"The City should work on systemic cyber risk reduction: infosharing, risk aggregation & sector resilience."
The Business of Hacking HPE - Hewlett Packard Enterprise - 20 pgs - 17th May 2016
Weaknesses of Hacker Business Model: paranoia, anonymity, breakdown of trust, extra tracking features in tools.
Threats to Hacker Business Model: Law Enforcement, New Security Tech, "Noisy" Newbies, Weakest Link in Groups.
Breaches of Unsecured Health Information in USA U.S. Department of Health and Human Services - Breaches affecting >500 individuals - 13th May 2016
1,551 breaches of personal medical data reported in USA, impacting 158 million individuals, in the last 60 months
20% of medical data breaches involved a "business associate" of the medical organisation, eg billing, insurance, software provider.
Privacy & Security of Healthcare Data Ponemon - survey of 91 healthcare organisations & 84 of their business associates in USA - 51 pgs - 12th May 2016
89% of healthcare entities in USA say they know they experienced at least 1 data breach in the last 2 years.
69% of healthcare entities in USA believe they are at greater risk than other industries for a data breach.
53% of healthcare entities in USA are confident they would be able to detect the loss or theft of patient data.
50% of breaches affecting healthcare entities are reported to be caused by a criminal attack, 41% by a "third-party snafu."
40% of healthcare entities in USA hire external third parties to help with breach response.
31% of actual breaches known to healthcare entities in USA were identified by patients.
The real cost of data breaches FireEye - Interviews with 6,500 individuals in 6 countries - 11th May 2016
91% of consumers say "24 hours or less" is acceptable delay before an organisation holding their data informs them of any breach.
32% of consumers say their loyalty to an organisation would diminish if it suffered a data breach.
21% of consumers think an organisation that has suffered a breach in the past would be more secure than other organisations.
15% of consumers say "I do not want to be associated with any brand capable of losing its customers' data."
13% of consumers say they would definitely pay more to a provider with better data security.
Among causes of a breach, the least harmful to consumer loyalty is Human Error (vs eg organisational negligence).
UK Cyber Security Breaches Survey UK Government - telephone survey of 1,008 representative UK businesses - 50 pgs - 8th May 2016
95% of all UK businesses kept their most disruptive breach from the public, including 82% who don't report breaches to police.
24% of all UK businesses detected at least 1 cyber security breach in last year, including 51% of medium firms and 65% of large firms.
18% of all UK businesses are aware of ISO27001, including 39% of medium firms and 60% of large firms.
17% of all UK businesses provided any training on cyber security to any staff in last year, including 38% of medium firms and 62% of large firms.
10% of all UK businesses have formal cyber security incident processes, including 25% of medium firms and 42% of large firms.
Where a breach is detected, business operations are back to normal in under a week in 92% of cases, including 78% in under a day.
6% of all UK businesses are aware of Cyber Essentials scheme, including 11% of medium firms and 20% of large firms.
FTSE 350 Cyber Governance Health Check UK Government - Survey completed by 113 companies in the FTSE 350 - 36 pgs - 8th May 2016
71% of Britain's 350 top companies anticipate that net cyber risk will increase in the next year or so.
In the last 2 years, the percentage of UK's top companies that place Cyber as a Top Risk has doubled, to 49%.
In the last 2 years, the percentage of UK's top companies that clearly set their appetite for cyber risk has doubled, to 33%.
In the last 2 years, the % of UK's top companies that review Information Assets "regularly and thoroughly, at main Board" doubled, to 15%.
2% of Britain's top 350 companies say that Cyber Risk "is a technical subject, not warranting Board-level consideration."
World's Biggest Data Breaches Information is Beautiful - 6th May 2016
Reuters report: 273 million email passwords stolen 5th May 2016: Reuters reporting that 1 in 7 Yahoo email accounts appear compromised, plus hundreds of millions of other email accounts.
Social Engineering by Chocolate University of Luxembourg - Survey of 1208 random individuals - published 4th May 2016
48% expressed their gratitude for a piece of chocolate by giving the researcher their password.
(This is better than 2007, when 64% did so, & much better than the 71% who did in 2004.)
Data Breach Investigations Report Published by Verizon - 85 pgs - 25th April 2016
Analysis of 2,260 confirmed data breaches across 82 countries in last 10 years.
63% of confirmed data breaches involved weak, default or stolen passwords.
89% of breaches have a financial or espionage motive.
30% of phishing messages are opened, and 12% of targets actually download malicious software.
Organisations are told of their Breach by Law Enforcement (41%), Third Parties (35%), Fraud Detection (14%) or Internal (10%)
Internet Security Threat Report Published by Symantec - 81 pgs - April 2016
The number of sophisticated “zero day” cyber attacks is rising at 125% a year
The number of personal identities reported as breached jumped 23% to 429 million
Companies choosing not to report the size of their data breach increased by 85% in the last year
Spear-phishing campaigns targeting employees increased 55% in 2015
78% of web sites reviewed by Symantec had vulnerabilities, of which 15% were "critical"
Ransomware increased 35% in 2015
Web Site Hijacking Google and University of California - Analysis of 760,935 web sites that were hijacked - April 2016
In an average week, Google identifies 15,000 web sites that have been compromised by hackers.
Google finds that 40.5% of web site hijackings aren’t fixed a month after Google has notified the site owner.
Google finds that 12% of hijacked web sites fall victim to a new attack within 30 days.
Google reports that “webmasters often find hijacking to be a traumatic experience”
Cybersecurity as a growth advantage Cisco - survey of 1,014 C-level executives - 23 pgs - April 2016
41 percent of C-Level Executives are much more concerned about cybersecurity than they were just three years ago.
The main purpose of cybersecurity is to Enable Growth, according to 35% in Retail, 34% in Transport, 33% in Banking, vs 23% in Hospitality.
"Secure Digitizers" capitalize on Cybersecurity and Compete to win.
SMEs Under Threat - Databreach preparedness study (UK) Experian - survey of 302 IT business decision makers + 2,008 consumers in UK - 14 pgs - 7th April 2016.
The average SME under-estimates the cost of a data breach by 40%.
Staff disagree about who is responsible for a breach: 44% say CEO & Board; 42% say IT.
Almost all organisations that have experienced a breach now invest in response plans.
23% of SMEs believe their customers would stop using the company if the safety of their personal data was jeopardised.
77% of SMEs say the financial impact of a breach would be significant to the day-to-day running of their organisation.
Consumer Attitudes Toward Data Breach Notifications RAND Corporation - 78 pgs - Survey of 2,038 American adults - April 2016
11% of US adults who received a breach notification say they quit doing business with the hacked company
Older, Richer & more Educated consumers are about 50% more likely to close or switch from breached account (pg 31)
62% of US adults say they accepted offers of free credit monitoring after a breach
Actions wanted from hacked company: prevent repeat of breach, offer free credit monitoring, notify consumers immediately.
The Accountability Gap Report – Cybersecurity and Building a Culture of Responsibility Tanium & Nasdaq - 32 Pgs - April 2016
The worst 10% of the 1,530 Executives interviewed in 8 countries are "highly vulnerable"
Among the "highly vulnerable" Executives: 91% can’t interpret a cybersecurity report, only 10% are updated about cybersecurity.
40% of these Executives don't feel responsible for the repercussions of cyber attack
FBI warns of Dramatic Increase in Business E-Mail Scams FBI - Phoenix, USA - April 2016
Victims range from large corporations to tech companies to small businesses to non-profit organizations
270% increase in identified victims and exposed losses from this "spear fishing" and "whale fishing" since January 2015
Over $2.3 billion in losses reported by 17,642 victims since October 2013
Schemers spoof company e-mail or use social engineering to assume the identity of the CEO, etc.
Datastrophe Code 42 - 25 pgs - March 2016
55% of enterprise IT decision makers say end users don’t understand the risks that poor data security poses to the business
25% of knowledge workers don't trust their employers with their data
25% of knowledge workers don't tell their IT Teams about external systems they use to share company data
Annual Data Breach Trends Kroll - 8 pgs - March 2016
60% of breaches investigated by Kroll were caused by human errors (eg accidental exposure, or lost devices).
58% of breaches considered malicious or non-accidental were low-tech, such as from laptop thefts.
32% of data breaches investigated by Kroll were of paper records.
16% increase in cyber hacking incidents investigated by Kroll over previous year.
Cause of breach: 48% Current Employee; 31% Outside Perpetrator; 17% Related Third Party; 4% Former Employee.
Cyber Risk Diligence in M&A Good Harbor and Sidley Austin LLP - 20 pgs - 4th March 2016
Cyber Risk is "material" when M&A target possesses data on consumers, employees, cardholders, or intellectual property.
Annual Loss Expectancy of future years should be discounted to provide risk discount on acquisition.
Buyers should assess major upstream & downstream players in the supply chain of company being acquired.
State of Cybersecurity - Implications for 2016 ISACA and RSA - global survey of 461 cybersecurity managers - 23 pgs - March 2016
75% of cybersecurity managers expect to fall prey to a cyberattack in 2016.
82% of companies’ boards of directors are “concerned” or “very concerned” about cybersecurity.
Only 31% of cybersecurity managers are comfortable with their ability to detect and respond to complex cyber incidents.
62% of cybersecurity managers expect risk will increase in the long term, vs 7% who think it will decrease.
BYOD & Mobile Security LinkedIn ISC on "Bring Your Own Device" to work - survey of 882 IT professionals - 39 pgs - March 2016
Main concerns among IT about BYOD: 72% data leak; 56% unauthorised access to systems; 54% users download unsafe apps.
42% of IT staff struggle to detect and remediate threats on mobile devices.
39% of IT staff know that mobile devices used by staff have downloaded malware, 35% are unsure.
24% of IT staff know that mobile devices used by staff have accessed a malicious WiFi, 48% are unsure.
21% of IT staff know that mobile devices used by staff have been involved in a security breach, 37% are unsure.
Cyber security in the boardroom CGI - 28 pgs - 15th March 2016
28% of UK board members think that a cyber breach is an IT issue.
38% of UK board members think their company will suffer a cyber security breach in the next twelve months.
52% of CEOs in B2B companies are accountable for cyber security, but only 18% of CEOs in B2C companies.
Cyber Security - Underpinning the digital economy Institute of Directors (UK) - 24 pgs - March 2016
12.5% of IoD members have experienced damage due to a cyber attack that interrupted business
72% of cyber attacks on UK companies aren’t reported to the police
68% of IoD Members are unaware of Action Fraud, the UK’s national reporting centre for fraud and internet crime
Cyber Chasm: disconnect between C-suite & Security EIU (Economist Information Unit) - Survey of 1,100 executives at large firms - 25 pgs - 3rd March 2016
The #1 asset to be protected during a cyber attack is Reputation, according to the C-Suite.
Reputation is the #5 priority among assets that cyber security leaders focus on.
Data Breach Digest Verizon - 82 pgs - March 2016
Of the breaches Verizon has investigated, 16% due to Social Engineering, 9% to Digital Extortion.
The types of attack that hit Services companies most often are Crimeware, then Web App attacks.
The types of attack that hit Mining companies the most are Insider, then Espionage.
Business leaders inadvertently leave their companies open Digitalis Reputation - March 2016
51% of UK business leaders have altered privacy settings on websites such as Facebook to protect sensitive personal information.
Only 24% of UK business leaders regularly check what information about them is easily accessible online.
64% of UK business leaders use strong passwords and change them regularly.
55% of UK business leaders only accept friend requests from people they already know.
CyberThreat Defense Report CyberEdge - Survey of 1,000 IT Security Professionals from Large Organisations - 36 pgs - March 2016
85% of large companies spend >5% of their IT budgets on security, including 30% spending >15%.
62% of IT Security staff at large companies expect their organization will fall victim to a successful cyberattack in the coming year.
30% of IT Security staff at large companies are confident their employer adequately monitors privileged IT users.
25% of security professionals doubt their organization has invested adequately in cyberthreat defenses.
Low security awareness among staff is the strongest inhibitor of efforts to defend large organisations from cyberthreats.
State of the Internet - Security Report Akamai - 76 pgs - 29th February 2016
149% increase in last 12 months in number of DDoS (Denial of Service) attacks
49% decrease in last 12 months in average attack duration, to 15 hours.
The gaming sector is most frequently hit by DDoS attacks.
The retail sector is most frequently targeted in web application attacks.
Global Economic Crime Survey PWC - 56 Pgs - Feb 2016
Over 60% of businesses express no confidence in the ability of law enforcement to deal with cyber crime
55% of UK organisations have suffered economic crime in last 24 months
24% of UK organisations have suffered cyber crime in the last 24 months (an increase of 20%)
51% of UK organisations expect to be the victim of cybercrime in next 24 months
Cyber Threat Brief Webroot - 24 pgs - February 2016
Cybercriminals created 29% more Malware files (such as Ransomware) in 2015 vs 2014
Cybercriminals now design 97% of Malware to be polymorphic (changing shape to avoid detection)
Cybercriminals created 100,000 new malicious IP addresses each day in 2015, up 18% on 2014
Horizon Scan 2016 Business Continuity Institute - 32 Pgs - February 2016
Survey of 568 organisations in 74 countries
The top threats to business continuity in 2016: #16 = Earthquake, #4 = Terrorism, #2 = Data Breach, #1 = Cyber Attack
85% of Business Continuity Managers fear the possibility of a cyber attack
Annual Data Breach Report California DoJ - 76 Pgs - February 2016
Analysis of 657 breaches in 4 years to December 2015
90% of all the data records reported lost are caused by cyber attack
Failure to implement all 20 ISCS Controls constitutes a lack of reasonable security...
Cyber Risk Report 2016 HP - analysis of over 7,000 scanned applications - 17th Feb 2016
153% yearly growth in newly discovered malware samples on Android platform
The most exploited bug in 2014 (Allaple) is still the leader in 2015, demonstrating poor patching by organisations. [The malware was created in 2006, and the author was jailed in 2010, but Allaple is still the most frequently seen malware on corporate systems.]
Threat Landscape 2015 ENISA - 88 pgs - 27th January 2016
Top 3 Threats all increased in last 3 months: Malware, Web based attacks, Web application attacks.
Malware increases by about 1m new samples per day, to over 2bn, mostly held in Russia (50%), USA (12%), NL (8%), DM (5%).
Web Based Attacks are based on bad URLs, with 58,000 new ones detected daily, of which 50% are hosted in USA.
Web Application Attacks support malware injections & data breaches, with key methods being Shellshock (40%), SQLi (28%).
DDoS attacks rose in number by 130%. The most attacked sectors are Gaming (35%), Software (27%) & Internet Providers (13%).
Physical theft / loss is the fastest rising threat (up from #10 to #6), and is a leading cause for data breaches and identity theft.
Phishing attacks cost large companies about $380 per employee, vs $3.7 for training to bring a 50% mitigation of this threat.
Attitudes to Data Protection in Ireland Irish Computer Society DPO - 26 pgs - January 2016
20% of Irish organisations are certain they had a breach in 2015
4.4% of organisations are certain they had a breach in 2015 that affected over 100 individuals
Only 12% of breaches caused by malicious attack, Vs 70% by staff & 12% by 3rd party over last 2 years
2.8% of Irish organisations identified they suffered 1 or more breaches caused by malicious attack in last 2 years
Cybersecurity in Private Equity eSentire and PEI - Survey of 91 PE Firms - 24 pgs - January 2016
61% of PE Firms expect to come under cyber attack in next 12 months
45% of PE firms believe that cybersecurity is a high threat to their business operations
11% of PE firms have standardised cybersecurity for all of their portfolio companies
Responsibility for cybersecurity sits with the PE Firm's CFO (50%), COO (24%), CIO (12%)
Annual Security Report Cisco - 87 pgs - January 2016
45% of security professionals are confident they can determine scope of a breach
55% of CEOs are not told about data breaches
Who gets told about security incidents: CEO (45%), HR (32%), Legal (28%), PR (24%), Authorities (18%)
State of the Data Nation Informatica - January 2016
62% of consumers say they’d lose trust if a company didn’t communicate about a breach
56% of consumers say they’d lose trust if a company suffered a 2nd confirmed breach in a year
Cyber is #1 Operational Risk for 2016 Survey of Chief Risk Officers worldwide, by Risk.Net - January 2016
"Cyber risk has been shown to be a clear and present danger to business and the public generally"
Cyber preparedness: the next step for boards EY - 2pgs - January 2016
46 days is the average time needed to resolve an attack.
19% - the annual increase in cost of cybercrime to businesses.
Only 5% of Directors at the world’s largest firms are knowledgeable about cybersecurity matters.
Only 7% of organizations claim to have a robust incident response program for cyber attacks.
Cyber Resilient Enterprise - UK Ponemon Institute and Resilient Systems (IBM) - Survey of 450 IT practitioners in UK organisations - Jan 2016
44% of UK firms' leaders recognise that cyber resilience affects enterprise risks and brand image.
43% of UK organisations do not have any CSIRP (Cyber Security Incident Response Plan) at all.
32% of UK organisations experience collaboration between business functions that is either poor or non-existent in cyber.
18% of UK organisations have a well-defined CSIRP (Cyber Security Incident Response Plan) that is applied consistently
Annual CEO Survey PWC - 44 pgs - January 2016
Cyber security is a worry for 61% of CEOs worldwide, including for 79% of those working in Insurance
74% of UK CEOs worry about cyber security
Only 38% of CEOs in the Mining sector are worried about cyber security
Targeted cyber attacks - trouble at your door Quocirca - 17 pgs - December 2015
State of the Internet - Security Akamai - 61 pgs - December 2015
State of Cybersecurity Survey Inhouse Lawyers - ACC - Association of Corporate Counsel - 14 pgs - December 2015
Survey of in-house lawyers hailing from 887 organizations in 30 countries
Employee Error is the number-one cited cause of breaches, said to be behind 26%-36% of system breaches
48% of American in-house lawyers say their company has mandatory training on cybersecurity for all employees
Cyber security - A failure of imagination by CEOs KPMG - 12 pgs - December 2015
20% of CEOs say information security is the risk they are most worried about
10 cyber security predictions ThreatStream - 2 pgs - December 2015
Cyber security sector struggles to fill skills gap Financial Times - 2 pgs - 18th Nov 2015
"Largest human capital shortage in the world" as demand for cyber security experts forecast to outstrip supply by a third.
Only 103,000 people are CISSP-certified, but there were almost 50,000 job openings for CISSP-certified workers in the US in 2014.
Cyber security is more difficult to recruit for than data science, advanced manufacturing and petroleum engineering.
(ISC)2 expects demand for cyber staff to increase 10.8% pa to 2019, while supply will increase 5.6% pa.
In the UK, salaries have increased up to 10% pa for cyber security staff, & 16% for consultants.
Data Breach Trends Risk Based Security - 14 pgs - November 2015
Retail and eCommerce Security SecurityScorecard - 19 pgs - November 2015
Attacks on Industrial Control Systems HBKU and MIT - 33 pgs - November 2015
Cyber Risks - Alternate cyber futures for the world Atlantic Council - 25 pgs - November 2015
Cyber Risk of growing importance to Credit Analysis and Ratings Moodys Investor Service - 17 pgs - November 2015
Data Breach Industry Forecast Experian - 9 Pgs - November 2015
Insider Threat RSA EMC - 25pgs - November 2015
Global state of Information Security PWC - 39 pgs - November 2015
In 2015, the average organisation detected 38% more information security incidents than in 2014
Retail and Consumer organisations detected 154% more incidents in 2015 than in 2014
Security Issues that deserve a Logo Tenable - 31 pgs - November 2015
Global Information Security Survey 2015 EY - 34 pgs - November 2015
Retail Hacking Season R-CISC - 12 pgs - November 2015
CyberCrime - Consumer Data Under Threat Deloitte - 28 Pgs - November 2015
73% of consumers "would reconsider a company if it failed to keep their data safe"
33% of consumers would "close their online account following a breach"
Global Cybersecurity Assurance Report Card Tenable - 19 pgs - November 2015
Insider Threat Index Clearswift - 11 pgs - November 2015
Botnets are the new data breach threat ThreatMetrix - 2pgs - November 2015
Vulnerability Risk Management NopSec - 8 pgs - November 2015
High Profile and International Events Cyber Security Advice Australian Cyber Security Centre - 5 Pgs - November 2015
UK National Computer Emergency Response Team - Q2 Report CERT UK - 13 pgs - Published November 2015
Malware remains the greatest threat to cyber-security
The 5 sectors reporting the most incidents: Government, Communications, Professional Services, Financial Services, Health
The Conficker worm is the most prolific malware affecting the UK, despite being discovered almost seven years ago
European Cyber Risk Survey Report Marsh - 14 pgs - October 2015
79% of European organisations don't assess suppliers they trade with for cyber risk.
68% of European organisations have not estimated the financial impact of a cyber-attack.
55% of European organisations don't have cyber risk on their corporate risk register.
27% of European organisations possess an incident response plan for material cyber events.
Insider Risk Report - Riskiest Users Intermedia - LARGE FILE - Survey of 2,031 users in UK and USA - October 2015
32% of IT professionals admit they have given out their login / password credentials to other employees
28% of IT professionals admit they have accessed systems belonging to previous employers after they left the job
31% of IT professionals admit they would take data from their company if it could positively benefit them
52% of IT professionals admit they re-use their personal passwords for business apps
41% of Millennials think it’s OK to install applications on their work computer without consulting IT
30% of Millennials admit they have emailed company information to a personal email address
What CEOs should know about Cybersecurity ATT - 36 pgs - October 2015
78% of employees don't obey company policy on information security
APT - Advanced Persistent Threat report ISACA CSX - 17 Pgs - October 2015
Cost of Cyber Crime to UK organisations with 1,000+ staff Ponemon - HP - 31 pgs - 2015
Denial of service, malicious insiders and web-based attacks account for 49% of all cyber crime costs per organisation
Average cyber crime costs are up 14% in last 12 months
Navigating the threat landscape 10 tips - Kaspersky - 20 pgs - October 2015
Biggest data breaches Information is Beautiful - October 2015
Cyber Attacks cost business $300bn per year Grant Thornton - 2 pgs - Sept 2015
Debate: The Market for Cyber Insurance isn't Sustainable Professional Liability Underwriting Society (PLUS) - 17th September 2015
Cybersecurity - Executive Guide Foley and Lardner - 18 pgs - September 2015
Information Security Data Breaches Survey PWC - InfoSecurity - UK Government - 8 pgs - September 2015
Typical cost of each "Worst" data breach of year: for a large firm = £1.5m to £3.1m; for a small firm = £75k to £311k
90% of large UK businesses & 74% of small ones know they suffered "some form" of information security breach in last 12 months
75% of large UK businesses & 31% of small ones know they suffered staff-related security breaches in the last year
69% of large UK businesses & 38% of small ones know they experienced cyber attack last year
50% of the worst security breaches were caused by "human error," 28% "partly by senior management"
The Greatest Cybersecurity Risk Comes From Within - Insider Threat Caresani and Snyder - 5 pgs - September 2015
Guide to Cyber Risk Allianz - 32 pgs - Sept 2015
$445bn - the estimated annual cost to the global economy from cyber crime
$200bn - the estimated annual cost to the world’s largest four economies (US, China, Japan and Germany).
80% of cyber-attacks can be prevented or mitigated by basic information risk management
50 billion machines will be exchanging data on a daily basis in the near future.
By 2025 the cyber insurance market could be worth $20bn
A catastrophic cyber loss is increasingly likely.
Data Breaches 2005-2015 - Debunking Myths TrendMicro - 51 Pages - Sept 2015
Data Breaches 2005-2015 - By Industry TrendMicro - 24 Pages - Sept 2015
Most Ransomware Isn’t As Complex As You Might Think Engin Kirda - LastLine Labs - 26 pgs - 5th August 2015
Only 36% of Ransomware studied actually delete files, & most "deletion" manipulates but leaves data on disk.
60% of Ransomware studied don't delete, simply create a persistent new desktop
Executive Brief on Information Security Universities in USA - Educause - 11 pgs - August 2014
Top 10 Risks for Internal Audit in 2015 KPMG - 16 pgs - July 2015
DDOS - Distributed Denial of Service Akamai Technologies - pg 70 - July 2015
Cyber Risks as viewed by UK Captains of Industry AIG - 6 pgs - July 2015
52% of businesses rarely discuss cyber security policy at board meetings (only 26% actually do)
47% of companies do not designate cyber security to be a boardroom issue.
Lists the 5 key questions companies should be asking themselves as the cyber threat continues to evolve.
Cyber Threat Report 2015 Australian Cyber Security Centre - 28 Pgs - July 2015
Audit Committee Oversight of Cyberrisk EY - 12 Pgs - July 2015
Global CEO Outlook - Cyber KPMG - 32 Pgs - July 2015
Cybercrime Survey in USA PWC - 16 Pgs - July 2015
Hackers expose credentials of staff at half of FT 500 Europe Recorded Future - 7 pgs - June 2015
Organised Crime National Crime Agency UK - 47 pgs - June 2015
Cybersecurity threat to Growth GrantThornton - 8 pgs - June 2015
Cyber Security Infographic HP and FireEye - 4 pgs - June 2015
Cost of Data Breach in USA Ponemon - IBM - 22 Pages - May 2015
Last year there was an 11% increase in the total cost of a data breach, to a $217 average per lost or stolen record
An Incident Response team can decrease the average cost of a data breach by 11%.
CyberCrime & the Internet of threats
0.12% of cyber attacks resulted in security incidents in 2013
The cost of malicious data breaches will exceed $2 trillion in 2019, equivalent to 2.2% of global GDP.
Are Millennials the latest security threat? Software Advice - Survey of 529 employees of U.S. businesses - May 2015
85% of those born after 1980 re-use passwords etc across different sites
19% of those born after 1980 accept social media invites from strangers "most, or all of the time"
15% of those born after 1980 are “very likely” to find a way around security controls they consider too restrictive
Website Security Statistics WhiteHat - 30 pgs - May 2015
86% of all websites have a serious vulnerability
Cybersecurity for For-for-Profit Leadership GrantThornton - 47 Pgs - May 2015
Threat Brief 2015 Webroot - 24 pgs - April 2015
Interactive Exercise Game on responding to a Targeted Cyber Attack Trend Micro - March 2015
Cyber Crime Extortion ThreatTrack Security Study - 3pgs - March 2015
Cyber Guide for SMEs UK Government - CyberEssentials - 14 pgs - March 2015
Cyber Risk Report for IT Directors HP - 76 Pgs - March 2015
Global Megatrends in Cybersecurity Raytheon Ponemon - 23 pgs - February 2015
Cyber security risks in the supply chain and third party risks CERT-UK and CiSP - 12 Pgs - February 2015
"A determined aggressor will identify the organisation with the weakest cyber-security, & gain access to other members of the supply chain."
Risks highlighted include your suppliers of: web site development, data aggregation, data storage.
"Challenge your suppliers to practice and develop collaborative processes for reacting to compromise or data breaches"
Internet of Things (IoT) - research study HP Enterprise - February 2015
80% of IoT devices have privacy concerns
80% of IoT devices have poor passwords
70% of IoT devices lack encryption
60% of IoT devices have vulnerabilities in the User Interface
Cybersecurity - You are Already Compromised Level 3 - 5 pgs - February 2015
"There are more than 100,000 new strains of malware distributed by over 10,000 malicious new domains each day."
Horizon Scan Survey BSI - 34 pgs - Feb 2015
Data Breach Trends of 2014 Risk Based Security - 12 pgs - February 2015
Breach Notice Letter to Customers - Anthem - 3pgs - Feb 2015
Reducing Cyber Risk in 10 Critical Areas UK Government - CyberEssentials - 21 pgs - Jan 2015
Cyber Governance - FTSE 350 Healthcheck KPMG and UK Government - 24 pgs - January 2015
Common Cyber Attacks CESG GCHQ - 21 Pages - Jan 2015
Common Cyber Attacks InfoGraphic CESG GCHQ - 1 Page - Jan 2015
California Data Breach Statistics California Attorney General - 1pg - Jan 2015
Executive Breach Response Playbook Brochure - HP - 12 pgs – Jan 2015
Steps to surviving your first data breach as CIO AlienVault - 12 pgs – Jan 2015
Insider Threat Report Vormetric - 24 pgs - Jan 2015
Cyber Threat Landscape ENISA - EU Agency for Network and Information Security - 89 pgs - December 2014
California Data Breach Report CDoJ - 56 pgs - Oct 2014
Senior Exec Involvement in Breach Response Ponemon - 30 pgs – Oct 2014
Privileged Users and Data Breaches IANS - Thycotic - 11 pgs - Sept 2014
Data Breach Notification Guide Australian Government - 49 pgs - Aug 2014
Data Breach Resilience example - Castle 1204 Alan Calder - 1pg - July 2014
Consumer Data Insecurity Report Javelin - 33pgs - June 2014
Cyber Risk Oversight - Director's Handbook ISA NACD AIG - 64 pgs - June 2014
Economic Impact of Cybercrime Intel McAfee - 24 pgs - June 2014
Data Breach Guide v4 Online Trust Alliance - 39 pgs - April 2014
Security Metrics FireMon - Ponemon - 34 pgs - April 2014
50% of IT security staff "actively omit negative facts" in updates to executives
Malware in Pirated Software Is Costing the World Billions IDC - 35 pgs - March 2014
Optimism Bias in cyber security BitSight - 6 pgs - March 2014
94% of companies think their security is better than the bottom third of companies
POS System Breaches - Point of Sale for Retailers and Hospitality Trend Micro - 18 pgs - February 2014
Risk in a Hyperconnected World McKinsey - Interviews with 250 Executives - 40 pgs – Jan 2014
The main principles for Cyber Resilience: Recognize, Educate, Integrate and Promote.
Challenges to Resilience: Jurisdiction limitations, Accountability, Liability, Info Sharing and Public/Private sector imbalances.
The notion of cyber security seems quaint in a world where it is impossible to draw a clean ring around one company.
Large organizations can be the target of 10,000 cyberattacks per day.
58% of executives say cyberattacks could have major strategic implications for their company over the next 5 years.
10% of executives say cyberattacks are an existential threat for their company over the next 5 years.
Cyber Security Incident Response Procurement Guide CREST CSIR - 56 pgs - November 2013
Cyber Security Incident Response Supplier Selection Guide CREST CSIR - 40 pgs - November 2013
Data Breach Response Sample Policy 3 pgs - DII Inc - 2013
Computer Security Incident Handling Guide NIST - 79 pgs – Aug 2012
Playing war games to prepare for a cyberattack McKinsey - 6 pgs – July 2012
Responding to a Data Breach DII Inc - 2 pgs - 2012
Lightweight Breach Notification Plan Ingenuity - 2012 - 30 pgs
(Tools on Slide 23-4)
Critical Security Controls Tripwire - 64 Pgs - October 2013
Cyber Scenario Planning Commonwealth Bank of Australia - 51 pgs - February 2013
