Handy Access to Reports, Graphics and Other Resources
“Our incident response exercises by Black Arrow have been a game-changer. Participant engagement is high, driven by realistic and interactive scenarios. The outputs revealed many assumptions.”
- Offshore Wealth and Fund Manager
Websites/Online Resources
Known Exploited Vulnerabilities Catalogue - CISA - List of the vulnerabilities known to be being exploited by malicious actors
World’s Biggest Data Breaches & Hacks — Information is Beautiful - website that shows the scale and extent of data breaches from 2004 to date
How Secure Is My Password? a website where you can see how quickly passwords can be broken or brute forced. Try putting in a single word and see how quickly that can be broken, then try entering three or four random words (the prevailing guidance from the NCSC and others) and see how much harder it is for these passwords to be broken.
Have I Been Pwned: Check if your email has been compromised in a data breach - enter your email address(es) and see if they have been compromised in earlier data breaches
CVE Details - database of vulnerabilities by date, severity and vendor
Ransomware tracker: the latest figures - The Record by Recorded Future
Ransom-DB - Live Ransomware Statistics
List of data breaches and cyber attacks 2021 (ITGovernance.co.uk)
Industry Publications and Reports
2024
EU’s first ever report on the state of cybersecurity in the Union | ENISA - December 2024
NCSC Annual Review 2024 - NCSC.GOV.UK - December 2024
KnowBe4 Releases the Latest Phishing Trends - December 2024
The State of Supply Chain Defense in 2024 Report - October 2024
VIPRE’s Email Threat Trends Report: Q3 2024 - VIPRE - October 2024
2024 Brand Threats and Fraud Report (phishlabs.com) - October 2024
Microsoft Digital Defense Report 2024 - October 2024
Tenable Cloud Risk Report 2024 | Tenable® - October 2024
The State of Attacks on GenAI | Analysis of Real-World Attacks (pillar.security) - October 2024
2024 Cyber Claims Report Mid-year Update (coalitioninc.com) - October 2024
ESET Threat Report H1 2024 | ESET - October 2024
2025 Global Digital Trust Insights Survey: PwC - October 2024
2025 State of Cybersecurity | CompTIA - September 2024
ENISA Threat Landscape 2024 — ENISA (europa.eu) - September 2024
Progress update on Microsoft’s Secure Future Initiative | Microsoft Security Blog - September 2024
Vipre Q2 2024 Email Threat Report - July 2024
Fortifying Cyber Resilience: Insights Into Global Cybersecurity Practices (keepersecurity.com) - July 2024
Cost of a Data Breach Report 2024 (ibm.com) - July 2024
2024 Security Awareness Report | SANS Institute - July 2024
Internet Organised Crime Threat Assessment (IOCTA) 2024 | Europol (europa.eu) - July 2024
2024 Cyber Threat Report | Huntress - July 2024
McPartland Review of Cyber Security and Economic Growth - June 2024
The Top Trends Shaping Identity And Access Management I... | Forrester - May 2024
2024 State of Multicloud Security Risk Report (microsoft.com) - May 2024
Q1 2024 Threat Landscape Report: Insider Threat & Phishing Evolve Under AI Auspices (kroll.com) - May 2024
State of Cybersecurity Trends Report 2024 | Ivanti - May 2024
2024 Cyber Threat Report | Huntress - May 2024
2024 Q1 Mobile Landscape Threat Report (lookout.com) - May 2024
Q1 2024 Global Phishing Report (knowbe4.com) - May 2024
2024 Voice of the CISO | Proofpoint UK - May 2024
Arctic Wolf Labs 2024 Threat Report | Arctic Wolf - May 2024
2024 Cloud Protection Trends (veeam.com) - May 2024
At-Bay's 2024 InsurSec Report - May 2024
Kaspersky Incident Response Analyst Report 2023 - May 2024
The State of Ransomware 2024 - Sophos - May 2024
Global Threat Intelligence Report 2024 by NTT Security Holdings - April 2024
2024 Data Breach Investigations Report | Verizon - April 2024
Cobalt's 2024 State of Pentesting Report (prweb.com) - April 2024
The State of Security 2024 | Splunk - April 2024
Q1 2024 Ransomware Report: 21% Increase in Q1 2023 Ransomware Activity (corvusinsurance.com) - April 2024
Cybersecurity in the UK - House of Commons Library (parliament.uk) - April 2024
Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org) - April 2024
Coalition's 2024 Cyber Claims Report (coalitioninc.com) - April 2024
2024 Cisco Cybersecurity Readiness Index - April 2024
M-Trends 2024 | Google Cloud - April 2024
Global Data Protection Index Report | Dell USA - April 2024
Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org) - April 2024
Cyber security breaches survey 2024 - GOV.UK (www.gov.uk) - April 2024
ThreatLabz 2023 Phishing Report | ITPro - April 2024
The 2024 Sophos Threat Report: Cybercrime on Main Street – Sophos News - April 2024
The State of Email & Collaboration Security 2024 | Mimecast - April 2024
The State of Email & Collaboration Security 2024 | Mimecast - March 2024
Kaspersky spam and phishing report for 2023 | Securelist - March 2024
Email Security in 2024: An Expert Look at Email-Based Threats - VIPRE - February 2024
IBM Security X-Force Threat Intelligence Index 2024 - February 2024
Cyber Threat Index 2024: Scans, Honeypots, and CVEs (coalitioninc.com) - February 2024
IBM XForce Threat Intelligence Index 2024.pdf - February 2024
CrowdStrike 2024 Global Threat Report | CrowdStrike - February 2024
[Ebook] 2023 Year in Review: Phishing Attacks and Trends (vadesecure.com) - February 2024
The State of Ransomware in 2023 | BlackFog - February 2024
HP Wolf Security Threat Insights Report Q4 2023 | HP Wolf Security - February 2024
Cyber Bank Heists | Cybersecurity Threats Facing Financial Sector | Contrast Security - January 2024
ReasonLabs Releases Annual "State of Consumer Cybersecurity Report" for 2024 (prnewswire.com) - January 2024
Gartner Report: Innovation Insight for Application Security Posture Management (legitsecurity.com) - January 2024
Barracuda's new Cybernomics 101 report uncovers the financial forces driving cyberattacks (prnewswire.com) - January 2024
The 2024 Specops Breached Password Report Reveals Two Million Compromised Cloud Credentials Used ‘123456’ as Password | Business Wire - January 2024
Cloudflare Releases 2024 API Security and Management Report (infoq.com) - January 2024
2023
Annual Payment Fraud Intelligence Report: 2023 | Recorded Future - December 2023
2023 Zscaler ThreatLabz State of Phishing Report | Zscaler - November 2023
NCSC Annual Review 2023 - NCSC.GOV.UK - November 2023
The State of IT Security in SMBs 2023-2024 - October 2023
Elastic Global Threat Report 2023 Reveals Dominance of Ransomware | Business Wire - October 2023
The CISO Report | Splunk - October 2023
APT trends report Q3 2023 | Securelist - October 2023
New CISO research sets out priorities, challenges and tips for success in a challenging landscape post - BSS - October 2023
Trustwave SpiderLabs Research: Cybersecurity in the Financial Services Sector - October 2023
WMware Global Incident Response Threat Report 2022 - October 2023
Microsoft Digital Defense Report 2023 (MDDR) | Microsoft Security Insider - October 2023
Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2023 - National Cybersecurity Alliance (staysafeonline.org) - October 2023
QBE Mid-sized Business Risk Report | QBE US - September 2023
The State of Pentesting 2023 Report | Cobalt - September 2023
Ransomware and the cyber crime ecosystem - NCSC.GOV.UK - September 2023
Cybersecurity: The 2023 Board Perspective - September 2023
2023 State of Ransomware | Malwarebytes - August 2023
Internet Organised Crime Threat Assessment (IOCTA) | Europol (europa.eu) - July 2023
Cost of a data breach 2023 | IBM - July 2023
Q1 Report: Email Threat Trends Discover Q1 trends and stay ahead of email based threats. - VIPRE - July 2023
Eset H1 2023 Threat Report (eset.com) - July 2023
How to Use Threat Intelligence to Mitigate Third-Party Risk Free Report (tradepub.com) - July 2023
Phishing Trends and Tactics: Q1 of 2023 | Tripwire - July 2023
The Threat Report: June 2023 | Trellix - July 2023
Secure Sign-in Trends Report | Okta - June 2023
Threat Intelligence report 2023 | Nokia - June 2023
2023 Data Breach Investigations Report | Verizon - June 2023
Global Threat Intelligence Report 2023 (security.ntt) - May 2023
Global Threat Intelligence Report April (blackberry.com) - May 2023
Introducing the DRM-Report Q1 2023: Unveiling the Current State of Ransomware - May 2023
UK Cybersecurity Landscape: challenges and opportunities | Expel - May 2023
The State of Pentesting 2023 Report | Cobalt - May 2023
Kaspersky Incident Response report 2022 - May 2023
2023 Ransomware Report: Sophos State of Ransomware - May 2023
2023 Voice of the CISO | Proofpoint UK - May 2023
Q1 Cofense Phishing Intelligence Report - Cofense - May 2023
2023 AT&T Cybersecurity Insights Report: Edge Ecosystem (att.com) - May 2023
ESET APT Activity Report Q4 2022–Q1 2023 | WeLiveSecurity - May 2023
Email Threats - Discover the latest trends and stay one step ahead - VIPRE - April 2023
DDoS threat report for 2023 Q1 (cloudflare.com) - April 2023
Bitdefender 2023 Cybersecurity Assessment | Bitdefender - April 2023
Annual Report: Leading Anti-Phishing Solutions | Cofense - March 2023
2023 State of Cloud Permissions Risks report now published - Microsoft Community Hub - March 2023
2023 Ransomware Insights | Barracuda Networks - March 2023
2023 Annual Identity Exposure Report | SpyCloud - March 2023
Cybersecurity focus in second Digital Europe work programme – EURACTIV.com - March 2023
State of Cybersecurity for Mid-Sized Businesses in 2023 | Huntress - March 2023
Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace | Mandiant - March 2023
2023 Annual Identity Exposure Report | SpyCloud - March 2023
2023 SonicWall Cyber Threat Report - March 2023
2023 State of the Phish Report - Phishing Stats & Trends | Proofpoint US - March 2023
2023 CrowdStrike Global Threat Report - March 2023
2023 Saas Security Threat Landscape Report (docontrol.io) - March 2023
2023 Browser Security Annual Report - Download Now (layerxsecurity.com) - March 2023
Rapid7's 2022 Vulnerability Intelligence Report | Rapid7 Blog - February 2023
2023 SonicWall Cyber Threat Report | SonicWall - February 2023
2022
2022 Global Threat Report | Elastic - November 2022
Cybersecurity Threats Fast-Forward 2030: Fasten your Security-Belt Before the Ride! — ENISA (europa.eu) - November 2022
Report on DDoS attacks in Q3 2022 | Securelist - November 2022
The 2022 Cloud Data Security Survey Report | Flow Security - November 2022
Microsoft Digital Defense Report 2022 | Microsoft Security - November 2022
Psychology of Passwords 2022: Proactive Cybersecurity | LastPass - November 2022
APT trends report Q3 2022 | Securelist - November 2022
ENISA Threat Landscape 2022 — ENISA (europa.eu) - December 2022
Attack Surface Management 2022 Midyear Review Part 3 | TrendMicro - November 2022
Volatile Geopolitics Shake the Trends of the 2022 Cybersecurity Threat Landscape — ENISA (europa.eu) - November 2022
Mid-Year Update: 2022 SonicWall Cyber Threat Report | Sonicwall - November 2022
Q3 2022 Phishing and Malware Report: Phishing Volumes Increase 31% | VadeSecure.com - October 2022
Justice response inadequate to meet scale of fraud epidemic - Committees - UK Parliament - October 2022
Attack Surface Management 2022 Midyear Review Part 2 | TrendMicro - October 2022
Attack Surface Management 2022 Midyear Review Part 1 | TrendMicro - October 2022
Financial and cyber crimes top global police concerns | INTERPOL report - October 2022
Post-Quantum Cryptography: Anticipating Threats and Preparing the Future — ENISA (europa.eu) - October 2022
Building a Holistic Insider Risk Management Program | Microsoft - October 2022
2022 State of the Threat Report | Secureworks - October 2022
VMware Global Incident Response Report 2022 - September 2022
2022 Ransomware Defense Report | SpyCloud - September 2022
Falcon OverWatch Threat Hunting Report 2022 | CrowdStrike - September 2022
Cyber Security: Benchmarking Security Gaps & Privileged Access (delinea.com) - September 2022
Tackling the Growing and Evolving Digital Attack Surface 2022 Midyear Cybersecurity Report (trendmicro.com) - August 2022
Cyber Signals: Defend against the new ransomware landscape - Microsoft - August 2022
Threat Spotlight: The untold stories of ransomware - Journey Notes (barracuda.com) - August 2022
Hiscox Cyber Readiness Report 2022 - July 2022
ENISA Threat Landscape for Ransomware Attacks — ENISA (europa.eu) - July 2022
Decade Retrospective: The State of Vulnerabilities | Trustwave - July 2022
Online Payment Fraud Market Report 2022-27: Size, Share, Trends (juniperresearch.com) - July 2022
State of Authentication in the Finance Industry 2022 | HYPR - July 2022
Global Small Business Multi-Factor Authentication (MFA) Study, Cyber Readiness Institute - July 2022
2021 Ponemon Workforce Privacy Report - DTEX Systems - July 2022
State of Data Exfiltration and Extortion 2022 - Titaniam - June 2022
Defending Ukraine: Early Lessons from the Cyber War - Microsoft On the Issues - June 2022
Q1 2022 Incident Response Insights from Tetra Defense | Arctic Wolf - June 2022
State of Email Security | Mimecast - June 2022
State of Open Source Security 2022 | Snyk - June 2022
Voice of the CISO 2022 | Proofpoint - June 2022
The Human Factor Report 2022 | Proofpoint US - June 2022
Router Security Report 2021 | Securelist - June 2022
2022 Data Breach Investigations Report | Verizon - May 2022
State of Cybersecurity Report 2022 - Infosecurity Magazine - May 2022
2022 Voice of the CISO | Proofpoint US - May 2022
2021-2022 UK Financial Sector Dark Web Threat Landscape Report - Kela (ke-la.com) - May 2022
Q2 2022 State of Fraud & Account Security Report - Arkose Labs - May 2022
2022 SaaS Security Survey Report (adaptive-shield.com) - May 2022
How business executives perceive ransomware threat | Kaspersky official blog - May 2022
Internet Security Report - Q4 2021 | WatchGuard Technologies - April 2022
State of Pentesting Report 2022 | Cobalt - April 2022
2022 Cyber Threat Report for MSPs | ConnectWise - April 2022
Modern Bank Heist 5.0 (vmware.com) - April 2022
Cyber Risk Index | Trend Micro - April 2022
The 2021 State Of Enterprise Breaches | Forrester - April 2022
First Quarter 2022 Data Breach Analysis Report | Identity Theft Resource Centre - April 2022
Cyberthreat Defense Report 2021 - CyberEdge Group (cyber-edge.com) - April 2022
Cyber Security Breaches Survey 2022 - GOV.UK (www.gov.uk) - March 2022
Psychology of Human Error 2022 | Research Report | Tessian - March 2022
2022 Attack Path Management Impact Report (xmcyber.com) - March 2022
2022 State of Cyber Assets Report (jupiterone.com) - March 2022
2022 Weak Password Report - Specops Software - March 2022
2021 FBI Internet Crime Complaint Center (IC3) Annual Report.pdf - March 2022
2022 ThreatDetectionReport - RedCanary.pdf - March 2022
Cisco Talos Incident Response | Cisco Talos Intelligence Group - Comprehensive Threat Intelligence - March 2022
2022 Global Mobile Threat Report: Key Insights on the State of Mobile Security - Zimperium Mobile Security Blog - March 2022
Pinpoint the Origins of Workforce Risk - Elevate Security - March 2022
2022 Vulnerability Statistics Report - Edgescan - March 2022
Phishers’ Favorites 2021 Year-in-Review (vadesecure.com) - March 2022
Global Threat Landscape Report H2 2021 - Fortinet - February 2022
Salt Security releases State of API Security Report - IT Security Guru - March 2022
2022 State of the Phish Report - Stats, Trends & More | Proofpoint US - February 2022
2022 Global Threat Report: A Year of Adaptability and Perseverance - Crowdstrike - February 2022
Threat Intelligence Report 2022: Cybersecurity Priorities - Truesec - February 2022
The Year of Living Dangerously: Details from the BlackBerry 2022 Threat Report - February 2022
Identity Theft Resource Center’s 2021 Annual Data Breach Report Sets New Record for Number of Compromises - February 2022
Anomali Cyber Security Insights Report 2022: The State of Enterprise Cyber Resilience
2021
The Evolving Threat of Ransomware | The State of Security (tripwire.com) - November 2021
NCSC Annual Review 2021 - NCSC.GOV.UK - November 2021
Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more! – Naked Security - November 2021
State of Cybersecurity Report 2021 | 4th Annual Report | Accenture - November 2021
Kaspersky Q3 2021 DDoS attack report | Securelist - November 2021
ENISA Threat Landscape 2021 — ENISA (europa.eu) - October 2021
Microsoft Digital Defense Report, October 2021 – Microsoft Security - October 2021
APT trends report Q3 2021 | Securelist - October 2021
ESET Threat Report T2 2021 | WeLiveSecurity - September 2021
Ransomware Report: State of Ransomware Survey & Report (thycotic.com)
Acronis Cyber Threats Report: Mid-year 2021
Ransomware Report: State of Ransomware Survey & Report 2021 (thycotic.com)
HP Wolf Security: Threat insights report H1 2021 | IT PRO
Q2 2021 spam and phishing report | Securelist
2021 DBIR Master's Guide | Verizon
Threat Landscape for Supply Chain Attacks 2021 — ENISA (europa.eu)
2021 Cloud Security Report | (ISC)² (isc2.org)
CrowdStrike | Cyber Front Lines Report 2021
State of Cybersecurity 2021 | ISACA
The State of Incident Response 2021 - Kroll IR Report
2021 State of the Threat Report | Secureworks
Hiscox Cyber Readiness Report 2021 | Hiscox Group
Highlights from the 2021 Unit 42 Ransomware Threat Report (paloaltonetworks.com)
2020
The NCSC Annual Review 2020 - NCSC.GOV.UK
2020 Unit 42 IoT Threat Report 2020 Unit 42 IoT Threat Report (paloaltonetworks.com)