A collection of articles that contain statistics or facts I have personally found interesting, but you might not.

This page is split into three sections

1. General News and Articles about Cybersecurity and GRC
2. Research

General news and articles

• The 10 Biggest Data Breach Fines and Settlements of 2025
• Cybersecurity & Vendor Risk in 2026
• 10 New Ransomware Groups of 2025 — And What to Expect Next in 2026
• 2025 Year in Review: Building the Future of Security Operations
• BDO’s 2025 Board Survey
• Cyber attacks that occurred this year (2025) and how you can protect your data (Australian Article)
• Top 10 cyber security stories of 2025
• Top Ransomware Attacks of 2025: Major incidents, impacts & rising Cyber Threats Globally
• CISOs are managing risk in survival mode
• Top 10 Cyber Law Enforcement Operations of 2025
• UK’s new Cyber Security and Resilience Bill targets weak links in critical services
• Security Leaders Share Why 77% Organizations Lose Data Due to Insider Risks
• G7 cyber expert group statement on Artificial Intelligence and Cybersecurity: September 2025
• PoisonSeed Threat Actor Uses Cross-Device Login Feature and QR Code to Trick Users
• AI, Responsible Innovation, and Real Results
• Top construction cybersecurity challenges and risk mitigation tips
• Generative AI Exacerbates Software Supply Chain Risks
• State of Cybersecurity Resilience 2025
• 2025 State of Cyber Risk Management Report
• Guidance for SIEM and SOAR Implementation
• New Best Practices Guide for Securing AI Data Released (CISA)
• Record-Breaking $75 Million Ransom Paid To Dark Angels Gang 
• NIST Offers Concrete Steps for Secure Software Development
• Why companies need attack surface management in 2024
• A forensic framework to improve digital image evidence administration in IIoT
• SEC Risk Factors Disclosure Analysis – Harvard Business Review
• Hands-on threat simulations: Empower cybersecurity teams to confidently combat threats
• 83% of IT Security Professionals Say Burnout Causes Data Breaches
• Summary of the New SEC Rules and Regulations
• 91% Indian firms faced ransomware attacks in 2022: Report 
• Google Bans 173,000 Bad Developers in 2022 
• Top 10 Cybersecurity Frameworks for the Financial Industry 
• Sixty-six percent of security leaders admit staffing challenges 
• Ransomware Costs More Than the Ransom: Why You Should Be Worried 

Research

• UK Government Cyber Action Plan January 2026
• ZeroFox – 2026 Key Forecasts Report
• MITRE – MITRE Unveils 2025 List of Top 25 Most Dangerous Software Vulnerabilities
• CISA – Cybersecurity Performance Goals 2.0 for Critical Infrastructure
• OWASP – Introducing the OWASP Top 10:2025

• The Australian Signals Directorate’s – Annual Cyber Threat Report highlights persistent threat to individuals and across the Australian economy

• Microsoft – Extortion and ransomware drive over half of cyberattacks
• PWC – 2026 Global Digital Trust Insights: C‑suite playbook and findings – New world, new rules: Cybersecurity in an era of uncertainty

• Dragos – The 2025 OT Security Financial Risk Report

• CrowdStrike – CrowdStrike 2025 Threat Hunting Report: AI Becomes a Weapon and a Target

• Titania – How Financial Services Can Pre-empt, Prevent and Contain Ransomware with Network Segmentation
• Marsh – Which cybersecurity measures have the biggest impact on risk?
• Sophos – The State of Ransomware 2025
• Sophos – 25% of security leaders replaced after ransomware attack
• IAPP – Data protection and privacy laws now in effect in 144 countries
• David Banisar – Data Protection Map and Update 2024
• DLA Piper – Data Protection Laws of the World – An overview of key privacy and data protection laws across more than 160 jurisdictions
• IBM – 2025 Cost of a Data Breach Report: Navigating the AI rush without sidelining security
• Federal Reserve – 2025 Cybersecurity and Financial System Resilience Report
• GAO – Cybersecurity Regulations: Industry Perspectives on the Impact, Progress, Challenges, and Opportunities of Harmonization
• BitSight – Why 9 in 10 Cybersecurity Leaders Say Their Job Is Harder Today
• Trend Micro – State of AI Security Report, 1H 2025
• c/side – Client-Side Attack Report Q2 2025
• Brown & Brown – 2025 Financial Institutions Market Survey
• Prepare for the Future of Cybersecurity with the Gartner® Leadership Vision for 2025
• CheckPoint – The State of Cyber Security 2025
• Menlo –  Researchers Found Nearly 600 Incidents of AI Fraud
• AWS – AICPA SOC 2 Compliance Guide on AWS
• FieldEffect – The state of cybersecurity – Your guide for 2025 and beyond
• WTW – Leisure and Hospitality Reputational Risk Report 2024 /2025
• Munich Re – Key insights into systemic cyber risk
• Specops – Heatmap of 10 million breached passwords: 98.5% are weak
• CyberArk – Rise in Machine Identities Poses New Risks
• How Criminal Networks Exploit Insider Vulnerabilities
• Trend Micro – Email Threat Landscape Report: Evolving Threats in Email-Based Attacks
• Thales – Thales 2025 Global Cloud Security Study Reveals Organizations Struggle to Secure Expanding, AI-Driven Cloud Environments
• CISCO – Using AI to Battle Phishing Campaigns
• Beazley – Spotlight on Tech Transformation & Cyber Risk 2025
• Forescout – 44% of Industrial Organizations Claim to Have Real-Time Cyber Visibility, but Nearly 60% Can’t Reliably Detect OT/IoT Threats
• Accenture – State of Cybersecurity Resilience 2025
• Security Scorecard – The 2025 Supply Chain Cybersecurity Trends Survey
• FAIR Institute – 2025 State of Cyber Risk Management Report
• WTW – Global Reputational Risk Readiness Survey 2024/25
• Zscaler – Zscaler ThreatLabz 2025 Phishing Report
• Gartner – 2024 Gartner® Market Guide for Digital Forensics and Incident Response Retainer Services
• IBM – Cost of a Data Breach Report 2024
• Zscaler – Zscaler ThreatLabz ransomware report
• FBI Releases Internet Crime Report (4th April 24) – Report
• SecurityScoreCard – Cyentia Institute and SecurityScorecard Research Report: Close Encounters of the Third (and Fourth) Party Kind
  Share
• Cado Security – H2 2023 Cloud Threat Findings Report
• IBM – X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon
• Veracode – Addressing the Threat of Security Debt
• Artic Wolf – 2024 Artic Wolf Labs Threat Report
• Cohesity Research Reveals Most Companies Pay Millions in Ransoms, Breaking Their ‘Do Not Pay’ Policies
• Munich Security Report 2024
• Varonis – Ransomware Statistics, Data, Trends, and Facts [updated 2023]
• Kroll – Data Breach Outlook: Finance Surpasses Healthcare as Most Breached Industry in 2023
• ISC2 – How the Economy, Skills Gap and Artificial Intelligence are Challenging the Global Cybersecurity Workforce 2023
• MasterCard – Cybersecurity: Building trust in our digital age
• Ivanti – 2023 Executive Security Spotlight
• ISC2 – Cyber Skills Gap Reaches 4 Million, Layoffs Hit Security Teams
• Slashnext – Report Shows 1,265 Percent Increase in Phishing Emails Since ChatGPT Launch 
• Hanover – 2023 Cyber Resiliency Report
• Coalition – 2023 Cyber Claims Report: Mid-year Update
• Netskope – Netskope Report Exposes Increasing Use of Cloud Apps to Spread Malware 
• WatchGuard – Threat Lab Analyzes the Latest Malware and Internet Attacks
• Moodys – Cyber budgets increase, executive overview improves, but challenges lurk under the surface
• SpyCloud – The 2023 SpyCloud Ransomware Defense Report
• HyperProof – 2023 IT Compliance Benchmark Report
• Wipro – Cloud & AI creating cybersecurity gaps
• Cyber Essentials scheme process evaluation Published 22 June 2023
• ZeroFox – Brand Protection Trend Report 
• CISA – CISA Analysis: Fiscal Year 2022 Risk and Vulnerability Assessments
• Blackberry – Global Threat Intelligence Report – Reporting Period: March 1 – May 31, 2023
• AON – 2023 Cyber Resilience Report
• Cado – 2023 Cloud Threat Findings Report
• Zscaler – ThreatLabz 2023 Phishing Report
• SonicWall – 2023 Cyber Threat Report
• Gigamon – Hybrid Cloud Security: Perception vs. Reality 
• Crowdstrike – 2023 Global Threat Report
• Thales – 2023 Thales Global Cloud Security Study 
• CyberArk – 2023 Identity Security Threat Landscape Report
• ForgeRock – 2023 ForgeRock Identity Breach Report
• Arete – Healthcare Ransomware Sector Spotlight
• BackBox – 2023 Network Operations and Security Survey
• Abnormal – ESG Survey: The Freedom to Communicate and Collaborate
• BlackKite – March 2023  Ransomware Threat Landscape Report
• Fortinet – The 2023 Global Ransomware Report
• Optiv – Optiv Environmental, Social and Governance (ESG) Report
• Mandiant – 2023 M-Trends Report (drawn from Mandiant incident response investigations and threat intelligence analysis)
• Fortinet – 2023 Cybersecurity Skills Gap
• Thales – 2023 Thales Data Threat Report
• Trend Micro 2022 – Electricity/Energy Cybersecurity: Trends & Survey Response 
• Forrester 2022 – Forrester: Chart Your Course To Zero Trust Intermediate
• Verizon 2022 DBIR – 2022 Data Breach Investigations Report
• Forcepoint 2023 – The State of Privileged User Abuse in United Kingdom and United States Government Organizations
• Mimecast 2023 – The State of Email Security Report 2023
• IBM – Cost of a Data Breach 2022 Report
• Snyk 2022 –  The State of Open Source Security 2022
• Top Five Cyber Crime Types. In the past five years, the IC3 received a total of 3.26 million complaints for $27.6 billion in losses. During 2022, the top five cyber crime types were:
  1 Phishing: 300,497 complaints
  2 Personal Data Breach: 58,859 complaints
  3 Non-Payment / Non-Delivery: 51,679 complaints
  4 Extortion: 39,416 complaints
  5 Tech Support: 32,538 complaints