The report projects the global cybersecurity market will reach $1 trillion annually by 2031, driven by expanding digital exposure across businesses, governments, IoT, industrial systems, and other connected platforms. It highlights major spending growth, the rising influence of AI, and the widening scope of cybersecurity beyond traditional IT to protect physical and cyber-physical environments. #CybersecurityVentures #EvolutionEquityPartners #Microsoft #Google #Wiz #PaloAltoNetworks #Fortinet #CrowdStrike #Deltek
Salt Security’s report shows that agentic AI adoption is rising quickly, but consumer trust has not kept pace, especially when personal data and chatbot interactions are involved. It emphasizes that APIs are the backbone of AI agent functionality and the main security weak point, making strong governance, monitoring, and access control essential for the future of trusted AI. #SaltSecurity #agenticAI #APIs
LastPass’s 2025 APAC Regional Report shows the region facing high volumes of cyber espionage and financially motivated attacks, with manufacturing, Japan, stolen credentials, and Australia standing out as major targets. It also highlights the growing role of Akira, LUMMAC, Salt Typhoon, and credential-stuffing campaigns, alongside emerging risks from AI-driven scams and infrastructure abuse. #Lastpass #APAC #Akira #LUMMAC #SaltTyphoon #TEMPHex #Bitter #APT36 #Billbug #CoGUI #Syteca
This report explains how AI is transforming digital engineering by reshaping software development, talent needs, pricing models, and delivery structures across global services firms. It also shows that buyers and providers are shifting toward outcome-based, AI-enabled, and consulting-led models as demand rises across key industries like financial services, healthcare, automotive, and life sciences. #HoulihanLokey #Globant #Allata #Exxeta #FullStack #ImprovingEnterprises #ModusCreate #Myridius #Stride #Solvd #UDig #VeryGoodVentures
Edgescan’s 2025 mid-year report shows how continuous, validated penetration testing and attack surface management are replacing traditional consultancy-led assessments, with more than 40,000 assessments and 1,000+ penetration tests across network/cloud, web applications, and APIs. The report highlights persistent high-risk findings such as SQL injection, file path traversal, and authorization flaws, while emphasizing that expert validation, EPSS, and CISA KEV-informed exposure scoring are central to reducing false positives and prioritizing remediation. #Edgescan #SQLinjection #CWE89 #CWE22 #EPSS #CISAKEV
Proofpoint and Ponemon’s 2025 healthcare cybersecurity study shows that cyberattacks remain widespread, with most organizations suffering repeated incidents that disrupt care and drive multimillion-dollar losses. Cloud/account compromise, ransomware, supply chain attacks, and BEC continue to affect patient safety, while growing cloud adoption, insider risk, and AI use are reshaping how healthcare organizations defend clinical operations. #Proofpoint #PonemonInstitute #cloudaccountcompromise #BEC #ransomware #supplychainattacks
NETSCOUT’s 1H 2025 DDoS Threat Intelligence Report shows a record-scale and increasingly geopolitical DDoS landscape, with over 8 million attacks globally and major surges tied to events such as the World Economic Forum, the India-Pakistan conflict, and the Iran-Israel cyberwar. The report also highlights the continued dominance of botnets and hacktivist groups like NoName057(16), alongside the rise of DDoS-as-a-service actors such as DieNet and Keymous+. #NETSCOUT #NoName05716 #DieNet #Keymous #SYLHETGANGSG #ArborCloud #ArborEdgeDefense
GSMA’s 2025 report explains how post-quantum cryptography should be introduced to protect 4G and 5G roaming against harvest-now, decrypt-later threats and quantum-enabled impersonation or tampering. It recommends prioritizing ML-KEM, ML-DSA, hybrid key exchange, and quantum-safe PKI changes across SEPP, PRINS, TLS 1.3, and IPsec-based roaming environments. #GSMA #ML-KEM #ML-DSA #SEPP #PRINS #3GPP
Okta’s Secure Identity Commitment outlines how the company is strengthening identity security through better products, hardened infrastructure, customer guidance, and industry-wide collaboration. The report emphasizes rising identity-based attacks and highlights recent defenses, including blocking over 1.5 billion identity attacks and 290 million malicious access attempts, while spotlighting initiatives such as VoidProxy, ThreatInsight, FastPass, and Cross-App Access. #Okta #ThreatInsight #FastPass #CrossAppAccess #VoidProxy #Persona #FedRAMP #IPSIE
The NCSC Annual Review 2025 documents a clear escalation in sophisticated state-aligned and criminal cyber activity, major disruptive incidents affecting critical services and commerce, and a strategic pivot toward resilience at scale—through programmes like Early Warning, Active Cyber Defence, CAF v4.0, PQC migration and Crypt‑Key modernisation. It couples hard metrics (1,727 incident tips → 429 supported incidents, 48% nationally significant; 1.2m takedown removals; 13,178 Early Warning subscribers) with policy and technical roadmaps (PQC timelines, AI security, passkeys) that push governance to board level and emphasise engineering resilience. #NCSC #GCHQ #EarlyWarning #TakedownService #CryptKey #MarksAndSpencer #Synnovis #CoopGroup #PDNS #CAF4
The report shows that attackers are increasingly using AI to refine classic phishing while adversary-in-the-middle (AitM) kits and token-theft techniques (including session token capture) drive stealthy post-login compromise. Defenders should prioritize token-centric controls, phishing-resistant MFA, session shortening, SVG/attachment controls, and a culture of “Pause → Verify → Act.” #Microsoft #Google #Hoxhunt #AitM #SVG #Salesforce #Docusign
The 2025 Global Threat Intelligence Report summarizes 2024’s cyber landscape, showing how geopolitical conflicts, supply-chain compromises, and advanced ransomware operations disrupted critical sectors and amplified systemic risk. It documents high-impact incidents, sharp increases in DDoS and supply-chain attacks, and the growing convergence of state-aligned APTs with ransomware actors that broadened both capability and reach. #ALPHV #VoltTyphoon
Veriti’s 2025 report reviews 2024 healthcare cybersecurity, documenting nearly 400 U.S. organizations impacted, widespread ransomware activity (notably LockBit 3.0, ALPHV/BlackCat, BianLian), pervasive misconfigurations, vulnerable medical devices and cloud/IoT exposures that disrupted operations and patient data confidentiality. It calls out dominant CVEs and TTPs (Log4Shell, Fortinet VPN, Zerologon, RDP abuse, Cobalt Strike, double extortion) and urges urgent 2025 priorities: IoT hardening, secure cloud adoption, stronger patching and EDR/visibility. #ALPHV #LockBit3_0
The Health-ISAC 2025 report documents escalating, high-impact cyber threats to the health sector in 2024–2025, highlighting widespread ransomware incidents, supply-chain and third-party risks, nation-state espionage, and growing vulnerabilities in medical devices and IoMT. It calls for stronger information sharing, resilience and risk planning, and faster mitigation of zero-days, credential compromise, and AI-enabled attack techniques. #ChangeHealthcare #BlackBasta
This white paper presents the 2025 US Cyber Industry Exposure Database and Loss Curve (IED), a collaborative, transparent, data-driven model built by Guidewire Cyence and Guy Carpenter that produces OEP/AEP loss curves and industry metrics using Cyence Model 7 and GC policy inputs. It summarizes market-scale estimates (≈4.97M US cyber policies; ~$9.52B estimated written premium; 53% industry loss ratio comprised of 42 percentage points attritional and 11 percentage points catastrophic), highlights evolving threats like Business Email Compromise and cloud/hypervisor outages, and documents regulatory shifts such as CISA defunding. #BusinessEmailCompromise #CISA