Handy Access to Reports, Graphics and Other Resources

“Our incident response exercises by Black Arrow have been a game-changer. Participant engagement is high, driven by realistic and interactive scenarios. The outputs revealed many assumptions.

- Offshore Wealth and Fund Manager

Websites/Online Resources

Known Exploited Vulnerabilities Catalogue - CISA - List of the vulnerabilities known to be being exploited by malicious actors

World’s Biggest Data Breaches & Hacks — Information is Beautiful - website that shows the scale and extent of data breaches from 2004 to date

How Secure Is My Password? a website where you can see how quickly passwords can be broken or brute forced. Try putting in a single word and see how quickly that can be broken, then try entering three or four random words (the prevailing guidance from the NCSC and others) and see how much harder it is for these passwords to be broken.

Have I Been Pwned: Check if your email has been compromised in a data breach - enter your email address(es) and see if they have been compromised in earlier data breaches

CVE Details - database of vulnerabilities by date, severity and vendor

Ransomware tracker: the latest figures - The Record by Recorded Future

Ransom-DB - Live Ransomware Statistics

List of data breaches and cyber attacks 2021 (ITGovernance.co.uk)

Industry Publications and Reports

2024

EU’s first ever report on the state of cybersecurity in the Union | ENISA - December 2024

NCSC Annual Review 2024 - NCSC.GOV.UK - December 2024

KnowBe4 Releases the Latest Phishing Trends - December 2024

The State of Supply Chain Defense in 2024 Report - October 2024

VIPRE’s Email Threat Trends Report: Q3 2024 - VIPRE - October 2024

2024 Brand Threats and Fraud Report (phishlabs.com) - October 2024

Microsoft Digital Defense Report 2024 - October 2024

Tenable Cloud Risk Report 2024 | Tenable® - October 2024

The State of Attacks on GenAI | Analysis of Real-World Attacks (pillar.security) - October 2024

2024 Cyber Claims Report Mid-year Update (coalitioninc.com) - October 2024

ESET Threat Report H1 2024 | ESET - October 2024

2025 Global Digital Trust Insights Survey: PwC - October 2024

2025 State of Cybersecurity | CompTIA - September 2024

ENISA Threat Landscape 2024 — ENISA (europa.eu) - September 2024

Progress update on Microsoft’s Secure Future Initiative | Microsoft Security Blog - September 2024

Vipre Q2 2024 Email Threat Report - July 2024

Fortifying Cyber Resilience: Insights Into Global Cybersecurity Practices (keepersecurity.com) - July 2024

Cost of a Data Breach Report 2024 (ibm.com) - July 2024

2024 Security Awareness Report | SANS Institute - July 2024

Internet Organised Crime Threat Assessment (IOCTA) 2024 | Europol (europa.eu) - July 2024

2024 Cyber Threat Report | Huntress - July 2024

McPartland Review of Cyber Security and Economic Growth - June 2024

The Top Trends Shaping Identity And Access Management I... | Forrester - May 2024

2024 State of Multicloud Security Risk Report (microsoft.com) - May 2024

Q1 2024 Threat Landscape Report: Insider Threat & Phishing Evolve Under AI Auspices (kroll.com) - May 2024

State of Cybersecurity Trends Report 2024 | Ivanti - May 2024

2024 Cyber Threat Report | Huntress - May 2024

2024 Q1 Mobile Landscape Threat Report (lookout.com) - May 2024

Q1 2024 Global Phishing Report (knowbe4.com) - May 2024

2024 Voice of the CISO | Proofpoint UK - May 2024

Arctic Wolf Labs 2024 Threat Report | Arctic Wolf - May 2024

2024 Cloud Protection Trends (veeam.com) - May 2024

At-Bay's 2024 InsurSec Report - May 2024

Kaspersky Incident Response Analyst Report 2023 - May 2024

The State of Ransomware 2024 - Sophos - May 2024

Global Threat Intelligence Report 2024 by NTT Security Holdings - April 2024

2024 Data Breach Investigations Report | Verizon - April 2024

Cobalt's 2024 State of Pentesting Report (prweb.com) - April 2024

The State of Security 2024 | Splunk - April 2024

Q1 2024 Ransomware Report: 21% Increase in Q1 2023 Ransomware Activity (corvusinsurance.com) - April 2024

Cybersecurity in the UK - House of Commons Library (parliament.uk) - April 2024

Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org) - April 2024

Coalition's 2024 Cyber Claims Report (coalitioninc.com) - April 2024

2024 Cisco Cybersecurity Readiness Index - April 2024

M-Trends 2024 | Google Cloud - April 2024

Global Data Protection Index Report | Dell USA - April 2024

Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org) - April 2024

Cyber security breaches survey 2024 - GOV.UK (www.gov.uk) - April 2024

ThreatLabz 2023 Phishing Report | ITPro - April 2024

The 2024 Sophos Threat Report: Cybercrime on Main Street – Sophos News - April 2024

The State of Email & Collaboration Security 2024 | Mimecast - April 2024

The State of Email & Collaboration Security 2024 | Mimecast - March 2024

Kaspersky spam and phishing report for 2023 | Securelist - March 2024

Email Security in 2024: An Expert Look at Email-Based Threats - VIPRE - February 2024

IBM Security X-Force Threat Intelligence Index 2024 - February 2024

Cyber Threat Index 2024: Scans, Honeypots, and CVEs  (coalitioninc.com) - February 2024

IBM XForce Threat Intelligence Index 2024.pdf - February 2024

CrowdStrike 2024 Global Threat Report | CrowdStrike - February 2024

[Ebook] 2023 Year in Review: Phishing Attacks and Trends (vadesecure.com) - February 2024

The State of Ransomware in 2023 | BlackFog - February 2024

VIPRE Security Group’s Annual Email Threat Landscape Research Shines Light on the Advanced Methods Needed to Secure Corporate Email Environment in 2024 - VIPRE - February 2024

HP Wolf Security Threat Insights Report Q4 2023 | HP Wolf Security - February 2024

Cyber Bank Heists | Cybersecurity Threats Facing Financial Sector | Contrast Security - January 2024

ReasonLabs Releases Annual "State of Consumer Cybersecurity Report" for 2024 (prnewswire.com) - January 2024

Gartner Report: Innovation Insight for Application Security Posture Management (legitsecurity.com) - January 2024

Barracuda's new Cybernomics 101 report uncovers the financial forces driving cyberattacks (prnewswire.com) - January 2024

The 2024 Specops Breached Password Report Reveals Two Million Compromised Cloud Credentials Used ‘123456’ as Password | Business Wire - January 2024

Cloudflare Releases 2024 API Security and Management Report (infoq.com) - January 2024

2023

Annual Payment Fraud Intelligence Report: 2023 | Recorded Future - December 2023

2023 Zscaler ThreatLabz State of Phishing Report | Zscaler - November 2023

NCSC Annual Review 2023 - NCSC.GOV.UK - November 2023

The State of IT Security in SMBs 2023-2024 - October 2023

VIPRE Security Group’s Q3 2023 Email Threat Report Reveals PDFs, Callback Phishing and Malware Via Google Drive Growing in Popularity Among Criminals - VIPRE - October 2023

Elastic Global Threat Report 2023 Reveals Dominance of Ransomware | Business Wire - October 2023

The CISO Report | Splunk - October 2023

APT trends report Q3 2023 | Securelist - October 2023

New CISO research sets out priorities, challenges and tips for success in a challenging landscape post - BSS - October 2023

Trustwave SpiderLabs Research: Cybersecurity in the Financial Services Sector - October 2023

WMware Global Incident Response Threat Report 2022 - October 2023

Microsoft Digital Defense Report 2023 (MDDR) | Microsoft Security Insider - October 2023

Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2023 - National Cybersecurity Alliance (staysafeonline.org) - October 2023

QBE Mid-sized Business Risk Report | QBE US - September 2023

The State of Pentesting 2023 Report | Cobalt - September 2023

Ransomware and the cyber crime ecosystem - NCSC.GOV.UK - September 2023

Cybersecurity: The 2023 Board Perspective - September 2023

2023 State of Ransomware | Malwarebytes - August 2023

Internet Organised Crime Threat Assessment (IOCTA) | Europol (europa.eu) - July 2023

Cost of a data breach 2023 | IBM - July 2023

Q1 Report: Email Threat Trends Discover Q1 trends and stay ahead of email based threats. - VIPRE - July 2023

Eset H1 2023 Threat Report (eset.com) - July 2023

How to Use Threat Intelligence to Mitigate Third-Party Risk Free Report (tradepub.com) - July 2023

Phishing Trends and Tactics: Q1 of 2023 | Tripwire - July 2023

The Threat Report: June 2023 | Trellix - July 2023

Secure Sign-in Trends Report | Okta - June 2023

Threat Intelligence report 2023 | Nokia - June 2023

2023 Data Breach Investigations Report | Verizon - June 2023

Global Threat Intelligence Report 2023 (security.ntt) - May 2023

Global Threat Intelligence Report April (blackberry.com) - May 2023

Introducing the DRM-Report Q1 2023: Unveiling the Current State of Ransomware - May 2023

UK Cybersecurity Landscape: challenges and opportunities | Expel - May 2023

The State of Pentesting 2023 Report | Cobalt - May 2023

Kaspersky Incident Response report 2022 - May 2023

2023 Ransomware Report: Sophos State of Ransomware - May 2023

2023 Voice of the CISO | Proofpoint UK - May 2023

Q1 Cofense Phishing Intelligence Report - Cofense - May 2023

2023 AT&T Cybersecurity Insights Report: Edge Ecosystem (att.com) - May 2023

ESET APT Activity Report Q4 2022­–Q1 2023 | WeLiveSecurity - May 2023

Email Threats - Discover the latest trends and stay one step ahead - VIPRE - April 2023

Mandiant Unveils M-Trends 2023 Report, Delivering Critical Threat Intelligence Directly from the Frontlines | Mandiant - April 2023

DDoS threat report for 2023 Q1 (cloudflare.com) - April 2023

Bitdefender 2023 Cybersecurity Assessment | Bitdefender - April 2023

Annual Report: Leading Anti-Phishing Solutions | Cofense - March 2023

2023 State of Cloud Permissions Risks report now published - Microsoft Community Hub - March 2023

2023 Ransomware Insights | Barracuda Networks - March 2023

2023 Annual Identity Exposure Report | SpyCloud - March 2023

Cybersecurity focus in second Digital Europe work programme – EURACTIV.com - March 2023

State of Cybersecurity for Mid-Sized Businesses in 2023 | Huntress - March 2023

Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace | Mandiant - March 2023

2023 Annual Identity Exposure Report | SpyCloud - March 2023

2023 SonicWall Cyber Threat Report - March 2023

2023 State of the Phish Report - Phishing Stats & Trends | Proofpoint US - March 2023

2023 CrowdStrike Global Threat Report - March 2023

2023 Saas Security Threat Landscape Report (docontrol.io) - March 2023

2023 Browser Security Annual Report - Download Now (layerxsecurity.com) - March 2023

Rapid7's 2022 Vulnerability Intelligence Report | Rapid7 Blog - February 2023

2023 SonicWall Cyber Threat Report | SonicWall - February 2023

2022

2022 Global Threat Report | Elastic - November 2022

Cybersecurity Threats Fast-Forward 2030: Fasten your Security-Belt Before the Ride! — ENISA (europa.eu) - November 2022

Report on DDoS attacks in Q3 2022 | Securelist - November 2022

The 2022 Cloud Data Security Survey Report | Flow Security - November 2022

Microsoft Digital Defense Report 2022 | Microsoft Security - November 2022

Psychology of Passwords 2022: Proactive Cybersecurity | LastPass - November 2022

APT trends report Q3 2022 | Securelist - November 2022

ENISA Threat Landscape 2022 — ENISA (europa.eu) - December 2022

Attack Surface Management 2022 Midyear Review Part 3 | TrendMicro - November 2022

Volatile Geopolitics Shake the Trends of the 2022 Cybersecurity Threat Landscape — ENISA (europa.eu) - November 2022

Mid-Year Update: 2022 SonicWall Cyber Threat Report | Sonicwall - November 2022

Q3 2022 Phishing and Malware Report: Phishing Volumes Increase 31% | VadeSecure.com - October 2022

Justice response inadequate to meet scale of fraud epidemic - Committees - UK Parliament - October 2022

Attack Surface Management 2022 Midyear Review Part 2 | TrendMicro - October 2022

Attack Surface Management 2022 Midyear Review Part 1 | TrendMicro - October 2022

Financial and cyber crimes top global police concerns | INTERPOL report - October 2022

Post-Quantum Cryptography: Anticipating Threats and Preparing the Future — ENISA (europa.eu) - October 2022

Building a Holistic Insider Risk Management Program | Microsoft - October 2022

2022 State of the Threat Report | Secureworks - October 2022

VMware Global Incident Response Report 2022 - September 2022

2022 Ransomware Defense Report | SpyCloud - September 2022

Falcon OverWatch Threat Hunting Report 2022 | CrowdStrike - September 2022

Cyber Security: Benchmarking Security Gaps & Privileged Access (delinea.com) - September 2022

Tackling the Growing and Evolving Digital Attack Surface 2022 Midyear Cybersecurity Report (trendmicro.com) - August 2022

Cyber Signals: Defend against the new ransomware landscape - Microsoft - August 2022

Threat Spotlight: The untold stories of ransomware - Journey Notes (barracuda.com) - August 2022

Hiscox Cyber Readiness Report 2022 - July 2022

ENISA Threat Landscape for Ransomware Attacks — ENISA (europa.eu) - July 2022

Decade Retrospective: The State of Vulnerabilities | Trustwave - July 2022

The Evolution of Cybercrime:  Why the Dark Web is Supercharging the Threat Landscape and How to Fight Back - HP - July 2022

Online Payment Fraud Market Report 2022-27: Size, Share, Trends (juniperresearch.com) - July 2022

State of Authentication in the Finance Industry 2022 | HYPR - July 2022

Global Small Business Multi-Factor Authentication (MFA) Study, Cyber Readiness Institute - July 2022

2021 Ponemon Workforce Privacy Report - DTEX Systems - July 2022

SANS 2022 Security Awareness Report: Human Risk Remains the Biggest Threat to Your Organization’s Cyber Security | SANS Institute - June 2022

State of Data Exfiltration and Extortion 2022 - Titaniam - June 2022

Defending Ukraine: Early Lessons from the Cyber War - Microsoft On the Issues - June 2022

Q1 2022 Incident Response Insights from Tetra Defense | Arctic Wolf - June 2022

State of Email Security | Mimecast - June 2022

State of Open Source Security 2022 | Snyk - June 2022

Voice of the CISO 2022 | Proofpoint - June 2022

The Human Factor Report 2022 | Proofpoint US - June 2022

Router Security Report 2021 | Securelist - June 2022

2022 Data Breach Investigations Report | Verizon - May 2022

State of Cybersecurity Report 2022 - Infosecurity Magazine - May 2022

2022 Voice of the CISO | Proofpoint US - May 2022

2021-2022 UK Financial Sector Dark Web Threat Landscape Report - Kela (ke-la.com) - May 2022

Q2 2022 State of Fraud & Account Security Report - Arkose Labs - May 2022

2022 SaaS Security Survey Report (adaptive-shield.com) - May 2022

How business executives perceive ransomware threat | Kaspersky official blog - May 2022

Internet Security Report - Q4 2021 | WatchGuard Technologies - April 2022

Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Quarterly Report: Incident Response trends in Q1 2022 - April 2022

State of Pentesting Report 2022 | Cobalt - April 2022

2022 Cyber Threat Report for MSPs | ConnectWise - April 2022

Modern Bank Heist 5.0 (vmware.com) - April 2022

Cyber Risk Index | Trend Micro - April 2022

The 2021 State Of Enterprise Breaches | Forrester - April 2022

First Quarter 2022 Data Breach Analysis Report | Identity Theft Resource Centre - April 2022

Cyberthreat Defense Report 2021 - CyberEdge Group (cyber-edge.com) - April 2022

Cyber Security Breaches Survey 2022 - GOV.UK (www.gov.uk) - March 2022

Psychology of Human Error 2022 | Research Report | Tessian - March 2022

2022 Attack Path Management Impact Report (xmcyber.com) - March 2022

2022 State of Cyber Assets Report (jupiterone.com) - March 2022

2022 Weak Password Report - Specops Software - March 2022

2021 FBI Internet Crime Complaint Center (IC3) Annual Report.pdf - March 2022

2022 ThreatDetectionReport - RedCanary.pdf - March 2022

Cisco Talos Incident Response | Cisco Talos Intelligence Group - Comprehensive Threat Intelligence - March 2022

2022 Global Mobile Threat Report: Key Insights on the State of Mobile Security - Zimperium Mobile Security Blog - March 2022

Pinpoint the Origins of Workforce Risk - Elevate Security - March 2022

2022 Vulnerability Statistics Report - Edgescan - March 2022

Phishers’ Favorites 2021 Year-in-Review (vadesecure.com) - March 2022

Global Threat Landscape Report H2 2021 - Fortinet - February 2022

Salt Security releases State of API Security Report - IT Security Guru - March 2022

2022 State of the Phish Report - Stats, Trends & More | Proofpoint US - February 2022

2022 Global Threat Report: A Year of Adaptability and Perseverance - Crowdstrike - February 2022

Threat Intelligence Report 2022: Cybersecurity Priorities - Truesec - February 2022

The Year of Living Dangerously: Details from the BlackBerry 2022 Threat Report - February 2022

Identity Theft Resource Center’s 2021 Annual Data Breach Report Sets New Record for Number of Compromises - February 2022

Experian’s Annual Future of Fraud Forecast Predicts Five Key Threats for Businesses and Consumers in 2022

Anomali Cyber Security Insights Report 2022: The State of Enterprise Cyber Resilience

2021

The Evolving Threat of Ransomware | The State of Security (tripwire.com) - November 2021

NCSC Annual Review 2021 - NCSC.GOV.UK - November 2021

Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more! – Naked Security - November 2021

State of Cybersecurity Report 2021 | 4th Annual Report | Accenture - November 2021

Kaspersky Q3 2021 DDoS attack report | Securelist - November 2021

ENISA Threat Landscape 2021 — ENISA (europa.eu) - October 2021

Microsoft Digital Defense Report, October 2021 – Microsoft Security - October 2021

APT trends report Q3 2021 | Securelist - October 2021

ESET Threat Report T2 2021 | WeLiveSecurity - September 2021

Ransomware Report: State of Ransomware Survey & Report (thycotic.com)

Acronis Cyber Threats Report: Mid-year 2021

Ransomware Report: State of Ransomware Survey & Report 2021 (thycotic.com)

HP Wolf Security: Threat insights report H1 2021 | IT PRO

ESET Threat Report T2 2021 highlights aggressive ransomware tactics and intensifying password-guessing attacks | ESET

Q2 2021 spam and phishing report | Securelist

2021 DBIR Master's Guide | Verizon

Threat Landscape for Supply Chain Attacks 2021 — ENISA (europa.eu)

2021 Cloud Security Report | (ISC)² (isc2.org)

CrowdStrike | Cyber Front Lines Report 2021

State of Cybersecurity 2021 | ISACA

The State of Incident Response 2021 - Kroll IR Report

2021 State of the Threat Report | Secureworks

Hiscox Cyber Readiness Report 2021 | Hiscox Group

Highlights from the 2021 Unit 42 Ransomware Threat Report (paloaltonetworks.com)

2020

The NCSC Annual Review 2020 - NCSC.GOV.UK

ENISA Threat Landscape 2020: Cyber Attacks Becoming More Sophisticated, Targeted, Widespread and Undetected — ENISA (europa.eu)

Microsoft Digital Defense Report 2020: Cyber Threat Sophistication on the Rise - Microsoft Security Blog

2020 Unit 42 IoT Threat Report 2020 Unit 42 IoT Threat Report (paloaltonetworks.com)