Security Report

Awesome Annual Security Reports

Source: Awesome Annual Security Reports
The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. https://github.com/jacobdjwilson/awesome-annual-security-reports/

Definition: The cybersecurity landscape is constantly evolving, making it hard for CIOs, CISOs, and security leaders to keep up. They’re flooded with annual reports from research consultancies, industry working groups, non-profits, and government agencies, and sifting through marketing material to find actionable insights is a major challenge. This list aims to cut through the noise by providing a vendor-neutral resource for the latest security trends, tools, and partnerships. It curates information from trusted sources, making it easier for security leaders to make informed decisions.

Disclaimer: The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. There are a variety of different business models and drivers that would cause information to be put behind a paywall, I would like to respect those companies and individuals. Consult the original authors for licensing of any report content.

Limitations: This is not a repository for project-specific documents such as white papers, intelligence reports, technical specifications, or standards. While all user-submitted uploads or report requests are welcome, we should draw a box around this awesome list.

Accessibility When possible, all reports will be sourced from their original authors and uploaded to Hybrid Analysis via GitHub action to provide an added level of confidence. The resulting analysis link will be included in the PDF commit notes. Additionally, all PDF reports will be converted to Markdown using AI, based on the AI Prompts defined in this repository.

Acknowledgement: I would like to give recognition for other works that inspired this collection. Richard Stiennon produces an annual, comprehensive industry analysis that surpasses the scope of this list and deserves attention. Additionally, Rick Howard‘s cyber cannon list of must-read books is an invaluable resource, catering to both leadership and practitioner levels within the field.


  • ContrastSecurity Software Under Siege 2025

    Contrast Security’s 2025 report shows application-layer attacks and exploitable vulnerabilities are growing faster than most organizations can defend against, with attackers exploiting flaws in just days while remediation often takes months. It highlights the need for runtime application defense and better vulnerability prioritization as traditional tools like WAF and EDR leave major blind spots. #ContrastSecurity…

  • Akamai Fraud and Abuse Report 2025

    Akamai’s Fraud and Abuse Report 2025 shows AI bots rapidly reshaping fraud, scraping, and abuse across industries, with traffic up 300% year over year and commerce, publishing, and healthcare among the most affected sectors. The report highlights how tools like FraudGPT, WormGPT, GPTBot, ChatGPT-User, Bytespider, and Meta-ExternalAgent are driving new detection and governance challenges, while…

  • Cyble Global Threat Landscape 2025

    Cyble’s H1 2025 report shows a sharp rise in ransomware, supply chain attacks, and more sophisticated hacktivism, with CL0P, Akira, and Qilin driving a large share of incidents. North America, especially the United States, remained the main target, while industrial and critical infrastructure sectors faced increasingly coordinated threats. #CL0P #Akira #Qilin #MOVEit #GoAnywhereMFT #NHS #ZPentest…

  • Censys State of the Internet 2025

    Censys’ 2025 State of the Internet Report analyzes adversary infrastructure at Internet scale, showing how malware, C2 services, open directories, and residential proxy networks persist, shift, and evade detection over time. The report highlights Cobalt Strike, Viper, Sliver, PlugX, and PolarEdge as major examples of how threat actors build and maintain infrastructure across global hosting…

  • Black Duck State of Embedded Software Quality and Safety 2025

    Black Duck’s 2025 embedded software report shows a sector being reshaped by rapid AI adoption, weak governance, and the rise of SBOMs as a commercial requirement. It also highlights a growing gap between management optimism and engineering reality, alongside a shift toward memory-safe languages and stricter supply-chain and compliance expectations. #BlackDuck #SBOM #Censuswide #MISRA #CERTC…

  • Cybersecurity Market Report Q4 2025

    The report projects the global cybersecurity market will reach $1 trillion annually by 2031, driven by expanding digital exposure across businesses, governments, IoT, industrial systems, and other connected platforms. It highlights major spending growth, the rising influence of AI, and the widening scope of cybersecurity beyond traditional IT to protect physical and cyber-physical environments. #CybersecurityVentures…

  • Salt Future of Agentic AI Report 2025

    Salt Security’s report shows that agentic AI adoption is rising quickly, but consumer trust has not kept pace, especially when personal data and chatbot interactions are involved. It emphasizes that APIs are the backbone of AI agent functionality and the main security weak point, making strong governance, monitoring, and access control essential for the future…

  • LastPass APAC Regional Report 2025

    LastPass’s 2025 APAC Regional Report shows the region facing high volumes of cyber espionage and financially motivated attacks, with manufacturing, Japan, stolen credentials, and Australia standing out as major targets. It also highlights the growing role of Akira, LUMMAC, Salt Typhoon, and credential-stuffing campaigns, alongside emerging risks from AI-driven scams and infrastructure abuse. #Lastpass #APAC…

  • Houlihan Lokey How AI Is Reshaping Digital Engineering 2025

    This report explains how AI is transforming digital engineering by reshaping software development, talent needs, pricing models, and delivery structures across global services firms. It also shows that buyers and providers are shifting toward outcome-based, AI-enabled, and consulting-led models as demand rises across key industries like financial services, healthcare, automotive, and life sciences. #HoulihanLokey #Globant…

  • Edgescan Midyear Vulnerability Statistics Report 2025 Title

    Edgescan’s 2025 mid-year report shows how continuous, validated penetration testing and attack surface management are replacing traditional consultancy-led assessments, with more than 40,000 assessments and 1,000+ penetration tests across network/cloud, web applications, and APIs. The report highlights persistent high-risk findings such as SQL injection, file path traversal, and authorization flaws, while emphasizing that expert validation,…

  • Proofpoint Cyber Insecurity in Healthcare 2025

    Proofpoint and Ponemon’s 2025 healthcare cybersecurity study shows that cyberattacks remain widespread, with most organizations suffering repeated incidents that disrupt care and drive multimillion-dollar losses. Cloud/account compromise, ransomware, supply chain attacks, and BEC continue to affect patient safety, while growing cloud adoption, insider risk, and AI use are reshaping how healthcare organizations defend clinical operations.…

  • Netscout DDoS Threat Intelligence Report 2025

    NETSCOUT’s 1H 2025 DDoS Threat Intelligence Report shows a record-scale and increasingly geopolitical DDoS landscape, with over 8 million attacks globally and major surges tied to events such as the World Economic Forum, the India-Pakistan conflict, and the Iran-Israel cyberwar. The report also highlights the continued dominance of botnets and hacktivist groups like NoName057(16), alongside…

  • GSMA Post-Quantum Cryptography for 5G Roaming 2025

    GSMA’s 2025 report explains how post-quantum cryptography should be introduced to protect 4G and 5G roaming against harvest-now, decrypt-later threats and quantum-enabled impersonation or tampering. It recommends prioritizing ML-KEM, ML-DSA, hybrid key exchange, and quantum-safe PKI changes across SEPP, PRINS, TLS 1.3, and IPsec-based roaming environments. #GSMA #ML-KEM #ML-DSA #SEPP #PRINS #3GPP

  • Okta Secure Identity Commitment 2025

    Okta’s Secure Identity Commitment outlines how the company is strengthening identity security through better products, hardened infrastructure, customer guidance, and industry-wide collaboration. The report emphasizes rising identity-based attacks and highlights recent defenses, including blocking over 1.5 billion identity attacks and 290 million malicious access attempts, while spotlighting initiatives such as VoidProxy, ThreatInsight, FastPass, and Cross-App…

  • NCSC Annual Review 2025

    The NCSC Annual Review 2025 documents a clear escalation in sophisticated state-aligned and criminal cyber activity, major disruptive incidents affecting critical services and commerce, and a strategic pivot toward resilience at scale—through programmes like Early Warning, Active Cyber Defence, CAF v4.0, PQC migration and Crypt‑Key modernisation. It couples hard metrics (1,727 incident tips → 429…

  • Hoxhunt Cyber Threat Intelligence Report 2025

    The report shows that attackers are increasingly using AI to refine classic phishing while adversary-in-the-middle (AitM) kits and token-theft techniques (including session token capture) drive stealthy post-login compromise. Defenders should prioritize token-centric controls, phishing-resistant MFA, session shortening, SVG/attachment controls, and a culture of “Pause → Verify → Act.” #Microsoft #Google #Hoxhunt #AitM #SVG #Salesforce #Docusign

  • CyberProof Global Threat Intelligence Report 2025

    The 2025 Global Threat Intelligence Report summarizes 2024’s cyber landscape, showing how geopolitical conflicts, supply-chain compromises, and advanced ransomware operations disrupted critical sectors and amplified systemic risk. It documents high-impact incidents, sharp increases in DDoS and supply-chain attacks, and the growing convergence of state-aligned APTs with ransomware actors that broadened both capability and reach. #ALPHV…

  • Veriti: The State of Healthcare Cybersecurity 2025

    Veriti’s 2025 report reviews 2024 healthcare cybersecurity, documenting nearly 400 U.S. organizations impacted, widespread ransomware activity (notably LockBit 3.0, ALPHV/BlackCat, BianLian), pervasive misconfigurations, vulnerable medical devices and cloud/IoT exposures that disrupted operations and patient data confidentiality. It calls out dominant CVEs and TTPs (Log4Shell, Fortinet VPN, Zerologon, RDP abuse, Cobalt Strike, double extortion) and urges…

  • HealthISAC Annual Threat Report 2025

    The Health-ISAC 2025 report documents escalating, high-impact cyber threats to the health sector in 2024–2025, highlighting widespread ransomware incidents, supply-chain and third-party risks, nation-state espionage, and growing vulnerabilities in medical devices and IoMT. It calls for stronger information sharing, resilience and risk planning, and faster mitigation of zero-days, credential compromise, and AI-enabled attack techniques. #ChangeHealthcare…

  • Guy Carpenter US Cyber Industry Exposure Database 2025

    This white paper presents the 2025 US Cyber Industry Exposure Database and Loss Curve (IED), a collaborative, transparent, data-driven model built by Guidewire Cyence and Guy Carpenter that produces OEP/AEP loss curves and industry metrics using Cyence Model 7 and GC policy inputs. It summarizes market-scale estimates (≈4.97M US cyber policies; ~$9.52B estimated written premium;…


More Report: https://www.hendryadrian.com/category/security-report