<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=767728527273058&amp;ev=PageView&amp;noscript=1">

Reporting Season

3 min read
Mar 30, 2018 12:00:00 AM

Whether you consider them a marketing gambit or rely on them to help discern trends, cyber research reports and surveys have become part of the annual cyber news cycle. Below we list several interesting reports that were released in early 2018 and why they may be worth a look.

I’m not certain who coined the term “insight economy,” but I admire how IBM’s David Laverty described its defining hallmarks as organizations using data and analytics “to outthink their competition, identify new and better business opportunities, and reshape their industry.”

Awash in data, savvy cyber leaders have quickly grasped that it’s never been more important for business leaders to quickly understand what is happening and what that means as it relates to the ever-changing cyber landscape. Periodic reports and surveys showcase their ability to parse through mounds of data to unearth interesting and relevant insights. When you have a moment, check out the following:

Flashpoint Business Risk Intelligence Decision Report: 2017 End-of-Year Update

One of the first reports to be published in 2018, the third edition of Flashpoint’s biannual Business Risk Intelligence (BRI) Decision Report provides a forward-looking assessment of the geopolitical landscape, based on its assessment of 2017’s most significant activities. Using a threat matrix to break out the capabilities and potential impact of nine categories of threat actors, the BRI report also bullets out eight “flashpoints”—bellwethers that it expects may prompt “major shifts in the cyber threat environment.”

Verizon Protected Health Information Data Breach Report (PHIDBR)

An industry-specific offshoot of its seminal Verizon Data Breach Investigations Report (DBIR), the 2018 PHIDBR highlights the fact that protected health information (PHI) is at risk despite run-of-the-mill attack vectors. Notable points include:

  • Basic security measures are not being implemented—lost and stolen laptops with unencrypted PHI continue to cause breach notifications.
  • 58% of incidents involved insiders—healthcare is the only industry in which internal actors are the biggest threat to an organization.
  • Ransomware is the top malware variety by a wide margin—it represented 70% of incidents involving malicious code.
  • Medical device hacking stirs media hype but databases and paper documents are the most often affected assets in breaches.

PWC’s Global State of Information Security® Survey 2018

A trio of reports, the Global State of Information Security® Survey 2018 examines how global business leaders can improve cyber and privacy risk management. The first two reports focus on cyber disruptions and privacy and trust. The third report (scheduled to be released in April) focuses on the long-term future of cybersecurity. Through its stats and pronouncements, PWC’s survey underscores that the challenge for CEOs is going beyond awareness to action, and it seeks to jolt stalled risk management efforts into action. A more compelling motivation might be found in PWC’s 2018 Global Investor Survey, where it reports 41% of investors and analysts are now extremely concerned about cyber threats. They see it as the largest threat to business, rising to first from fifth place in 2017, whereas CEOs rank it behind over-regulation and terrorism.

CyberArk Global Advanced Threat Landscape Report 2018

Another report released in three parts, CyberArk’s global study is divided into the business view of security, the inertia that’s putting enterprise at risk, and a focus on DevOps. Notable insights include the stat underscoring the dangers of inertia, which shows that almost half (46%) of IT security professionals say their security strategy rarely changes substantially—even after a cyber attack; and that while preparations and training are important, “only 8% of security decision-makers say their organization continuously conducts Red Team exercises.”

Cisco 2018 Annual Cybersecurity Report

This report bluntly states: “The fact is, defenders can see what’s on the horizon. Many clues are out there—and obvious.” It cautions defenders against “allowing the chaos of daily skirmishes with attackers to consume their attention,” lest they “fail to recognize the speed and scale at which adversaries are amassing and refining their cyber weaponry.”

As to the risks Cisco sees on the horizon, the report highlights three key trends: (1) the rise of very sophisticated malware; (2) adversaries who are becoming more adept at evasion and encryption; and (3) exploitation of gaps in security due to rapidly expanding use of IoT and cloud services.

Prepared to Share?

Does your business have unique perspectives or market insights that you’re dying to release to a wider audience? Whether you’ve got a data-driven story to tell, or just have a list of questions your clients want the answers to, let’s talk.

At Katzcy, we’re proven growth hackers who can help you fine-tune your marketing strategy and incorporate a wide range of activities like surveys and annual reports. Check out our interviews with 28 cyber leaders that were compiled into a Cyber Competition white paper or contact us for a consultation to get started.