
Annual Security Reports

Exploring cybersecurity trends, insights, and challenges.


Analysis Reports

Cloud Security

Bellsoft

State of Container Security (2025) - Analyzes security findings and threat trends including key attack patterns, vulnerability data, and defensive recommendations drawn from data collected across hundreds of security practitioners. Findings span 10 or more priority risk areas, providing actionable guidance for organizations seeking to strengthen their security posture.

Datadog

State Of Cloud Security (2025) - Analyzes cloud security posture across AWS, Azure, and Google Cloud with a focus on identity risks, default security gaps, and the uneven adoption of guardrails like IMDSv2, data perimeters, and public access blocks. The study highlights persistent trouble spots such as long-lived credentials, overprivileged third-party roles, and aging workloads that miss secure defaults, even as multi-account governance and modern identity patterns gain traction.

Sysdig

Cloud Native Security and Usage Report (2025) - Analyzes cloud-native security trends and usage patterns in 2025. Key findings reveal a significant increase in the adoption of runtime security tools and a growing focus on securing AI/ML workloads, alongside persistent challenges in managing identities across human and machine interactions.

Wiz

State of AI in the Cloud (2025) - Analyzes the current state of AI in cloud environments, focusing on adoption rates, security challenges, and governance issues. Key findings reveal DeepSeek's rapid growth and the continued dominance of OpenAI, alongside a rising trend of self-hosted AI deployments and stabilized adoption of AI managed services.

Vulnerabilities

Microsoft Vulnerability Report

Analyzes the 2024 landscape of Microsoft vulnerabilities and their long-term trends. Key findings indicate a record high of 1,360 total vulnerabilities, alongside an all-time low of 78 critical vulnerabilities, though Microsoft Edge saw an unexpected rise in critical issues.

The Cost of CVEs

Analyzes the financial impact of CVE management on organizations using containerized environments. Key findings indicate that mid-market organizations can unlock significant value through decreased risk ($2.8M), increased revenue ($2.2M), and faster innovation ($3.3M) by improving their CVE management practices and compliance.

Vulnerabilities Statistics

Analyzes the global surge in cybersecurity vulnerabilities throughout 2025, documenting a record pace of disclosures and the increasing speed of weaponization by threat actors. Key findings reveal that over 21,500 vulnerabilities were cataloged by midyear, with 38 percent rated as high or critical severity, while 28 percent of observed exploits were launched within 24 hours of initial disclosure.

Vulnerability Statistics Report

Analyzes the global state of full stack security by evaluating vulnerability data across web applications, APIs, and host systems to provide actionable risk management insights. Findings reveal that 53 percent of vulnerabilities discovered in 2024 were classified as high or critical severity, while the number of publicly reported exploits in the wild increased by 20 percent compared to the previous year.

Bad Bot Report

Analyzes the 2025 Imperva Bad Bot Report, detailing the evolving landscape of automated internet traffic and its impact on businesses. Key findings reveal that automated traffic now surpasses human activity at 51%, with malicious bots comprising 37% of all internet traffic, driven significantly by the increasing accessibility and sophistication of AI-powered attack tools.

Annual Vulnerability Review

Analyzes the monthly vulnerability landscape based on Secunia Research data, providing insights into emerging threats and trends. Key findings include a significant year-to-date increase in advisories and the identification of actively exploited zero-day vulnerabilities in critical software like Microsoft Windows and Google Chrome.

Early Warning Signals Attacker Behavior Precedes New Vulnerabilities Report

Analyzes the correlation between spikes in attacker activity and subsequent CVE disclosures, particularly in edge technologies. The report reveals that in 80% of analyzed cases, attacker activity spikes preceded new CVE disclosures within six weeks, offering defenders a critical window for proactive security measures.

Cybersecurity Report

Examines the 2026 cybersecurity threat landscape based on Hornetsecurity's analysis of over 72 billion emails processed, highlighting evolving attack vectors and defensive strategies. Key findings reveal a 131% surge in malware-laden emails, a 29% increase in ransomware victim organizations, and a growing reliance on AI by threat actors alongside increased investment in AI-powered defenses.

Exposure Management Index

Analyzes cybersecurity exposure trends across 3,000 small to midsize organizations, focusing on vulnerability detection and response metrics. Key findings reveal a 19% increase in high-severity issues driven by AI-weaponized legacy CVEs, alongside a significant improvement in critical remediation rates to 89% within 30 days.

Malware And Vulnerability Trends

Analyzes malware and vulnerability trends observed in the first half of 2024, focusing on exploitation of remote access and security software. Key insights reveal a significant 103% increase in Magecart infections and the continued dominance of infostealer malware, with operators actively refining evasion techniques.

Security Status Report

Analyzes the cybersecurity landscape of the first half of 2025, covering mobile security, significant vulnerabilities, and APT operations. Key insights reveal a growing concern over the sustainability of critical infrastructure like CVE, alongside a surge in credential theft and sophisticated malware campaigns targeting both consumers and industrial systems.

State Of Exploitation

In 2025, VulnCheck identified 884 Known Exploited Vulnerabilities (KEVs) for which evidence of exploitation was observed for the first time. Our analysis shows that 28.96% of KEVs in 2025 were exploited on or before the day their CVE was published, an increase from the 23.6% observed in our 2024 trends in exploitation report.

Data Breaches

Allianz

Commercial Directors and Officers Insurance Insights (2026) - Examines the evolving landscape of directors and officers liability, highlighting how geopolitical instability, cyber threats, and artificial intelligence are driving increased litigation and regulatory scrutiny. Key findings reveal that the average settlement value for securities class actions rose by 27 percent to 56 million dollars in the first half of 2025, while global business insolvencies are projected to increase by 6 percent in 2025 and 5 percent in 2026.

Cyentia

Information Risk Insights Study (2025) - Analyzes incident probability and the increasing risks associated with third-party relationships. A key finding is that incident probability has almost quadrupled in the last 15 years, driven in part by threat actors exploiting trusted relationships with external service providers to compromise target organizations.

Deepstrike

Cybersecurity Statistics (2025) - Analyzes the evolving cybersecurity landscape of 2025 by examining global breach costs, prevalent attack vectors, and the increasing sophistication of ransomware and artificial intelligence threats. Key findings indicate that ransomware now accounts for 44 percent of all breaches, while the global cost of cybercrime is projected to reach 10.5 trillion dollars as supply chain vulnerabilities and human-centric social engineering continue to drive record-breaking incident volumes across critical industries.

IBM

Cost Of A Data Breach Report (2025) - Analyzes the financial impact of data breaches, with a significant focus on the emerging risks and benefits associated with artificial intelligence adoption. While global average breach costs declined to USD 4.44 million due to AI-powered defenses, findings reveal that 97% of AI-related breaches lacked proper access controls, and 16% involved AI-driven attacks.

Identity Theft Resource Center

Annual Data Breach Report (2025) - Analyzes the U.S. data breach landscape in the first half of 2025, identifying a persistent dominance of cyberattacks and supply chain vulnerabilities. Key findings highlight a sharp decline in victim notices despite steady compromise volumes, alongside a concerning trend where 69% of breach notifications fail to disclose specific attack vectors.

RiskRecon

Ripples Across The Risk Surface (2025) - Investigates the prevalence and financial impact of multi-party ripple incidents, which occur when a single cybersecurity breach propagates across multiple organizations. Analysis of over 1,500 incidents reveals that while ripple events are less frequent than single-party breaches, they routinely trigger losses 10 times higher for the generating firm. Furthermore, the data indicates that downstream costs for receiving organizations have risen steadily over time, with median per-firm losses for generators reaching 4.7 million dollars compared to 1.8 million dollars for receivers.

RPC

Annual Insurance Review (2026) - Examines the evolving landscape of insurance risks, focusing on the intersection of artificial intelligence, cybersecurity, and emerging litigation trends in the United States. Key findings indicate that while cyber claim frequency remained stable, severity dropped by 50 percent year over year due to improved incident response, even as business email compromise and funds transfer fraud accounted for 60 percent of total cyber claims.

SecurityScorecard

Third Party Breach Report (2025) - Analyzes the landscape of third-party cyber risk and its impact on organizations globally. Key findings indicate a significant increase in third-party breaches, with Retail & Hospitality and Technology sectors experiencing the highest exposure, and file transfer software vulnerabilities emerging as a primary attack vector.

Verizon

Data Breach Investigations Report (2025) - Analyzes data breach trends and patterns from 2025. Key findings reveal a significant increase in social engineering attacks and a persistent reliance on easily exploitable web application vulnerabilities, highlighting the need for improved employee security awareness training and robust application security measures.