The Information Risk Insights Study (IRIS)

Illuminating cyber risk through data-driven analysis

“Cyber Insights Needed & Delivered”

– Phil Venebles, CISO | Advisor | Board Member

The iris controls how much light enters the eye. More light, better sight. We created the IRIS series based on that same principle.

The cyber risk landscape is darkened by FUD. Organizations fear threats they can’t anticipate, battle analytical uncertainty, and doubt the efficacy of their decisions. The IRIS dispels that darkness with the light of data. Each edition draws from a massive collection of real-world cyber incidents and losses — tracked over time, across sectors, and by organization size. The result isn’t more pseudoscience that adds to the FUD. IRIS offers rigorous analysis that’s become the reference dataset for empirical cyber risk work.

Cyentia is grateful to the Cybersecurity Division and the Office of the Chief Economist at the Cybersecurity and Infrastructure Security Agency (CISA) for sponsoring the IRIS since 2022. It is our sincere hope that this research will aid community efforts to manage cyber risk.

Get IRIS 2025

Community Shout-Outs

  • “Cyentia’s commitment to clearing away the “FUD” (fear, uncertainty, and doubt) with rigorous, data-driven analysis sets the gold standard for our industry. Thank you for helping security professionals make informed decisions based on facts, not fear.”
    Patrick Spensor, VP of Marketing & Research
  • “Just finished the Cyentia Institute’s IRIS and again I find myself in awe at the elite level of objective risk insight this report provides. We’re spoiled to have Cyentia to deliver this useful historical data analyzed with such rigor and presented in such a digestible way.”
    Zach Cossairt, Risk Program Senior Manager
  • I’ve been I’ve been waiting for someone to publish a study like this for 20 years. I’m looking forward to applying Cyentia’s insights to drive better decisions.
    John Benninghoff, Cybersecurity Consultant, Writer, Researcher
  • “Incredible report from the #CyentiaInstitute. Well done! Well articulated, succinct insights (not to mention great quotes from lyrical geniuses).”
    Fred Thiele, Group CISO

IRIS 2025: It’s About Time

Cybersecurity is ever-changing, and there’s an implicit assumption that risk is always increasing. But is it?

Are cyber events occurring at greater frequency? Is an organization more likely to have a breach now than 15 years ago? Which types of incidents have become more common over time? Have the financial impacts of cyber events increased or decreased? Are risk factors trending the same way for all sectors and sizes of organizations?

The latest IRIS explores these questions and more by analyzing a huge historical dataset of cyber events and losses from 2008 through 2024.

Download
Member Exclusives

The IRIS Suite

IRIS 2025

Information Risk Insights Study 2025 Inside the Shifting Threat Landscape IRIS 2025 analyzes long-term cyber incident patterns to show where…
Learn More IRIS 2025

IRIS 2022

Information Risk Insights Study 2022 A Decade of Cyber Risk Data Supported by CISA, the 2022 edition of the Information…
Learn More IRIS 2022

IRIS Xtreme

Information Risk Insights Study, Xtreme Edition Inside the Most Extreme Cyber Events IRIS 20/20 Xtreme examines the 100 largest cyber…
Learn More IRIS Xtreme

Community Shout-Outs

  • “I can never say enough good things about Cyentia Institute research. Everyone should be diving into this and signing up for Cyentia membership!”
    Daniel Stone, Technology Risk Strategy Advisor
  • “This is the best report we’ve ever seen, on the actual cost of cyber incidents to large businesses.”
    Cyber Rescue Alliance
  • “Easily the most data-driven look at cyber risk in years.”
    Alex Hutton, CISO
  • “Hats off to the entire team at Cyentia Institute for producing such a valuable resource for the community. Kudos.
    Stephen Shaffer, Principal Security Engineer

Interested in sponsoring an IRIS?

We’re grateful to the public and private sponsors who have enabled us to devote so much time to this research over the years. If you have ideas for a future edition of the IRIS and/or would like to know more about sponsoring, reach out via the form below.

Join newsletter

Need an IRIS Focused on Your Organization?

That’s exactly what our Retina risk intelligence service provides. You get a report on key cyber risk factors for your peer group, along with monthly data and analysis to monitor prevailing trends.

Learn More