The Information Risk Insights Study (IRIS)

Cyber risk quantification has been plagued by FUD (fear, uncertainty, and doubt) for far too long and our research series, the Information Risk Insights Study, is dedicated to clearing away these fears by leveraging real-world data and rigorous analysis focused on key aspects and challenges of managing cyber risk. We’re incredibly grateful to our partners and sponsors for making the IRIS research possible.

Information Risk Insights Study 2022

Since its original release in 2020, the Information Risk Insights Study has expanded upon its extensive analysis of a huge historical dataset in the IRIS series, shining light on topics like extreme loss events and massive multi-party incidents.

Now, thanks to sponsorship from the Cybersecurity & Infrastructure Security Agency (CISA), the IRIS is back – bigger and better than ever for a 2022 update and expansion. The new study analyzes 77,000 cyber events, $57 billion in reported losses, and 72 billion compromised records. We explore common patterns among those events and identify threat techniques that contributed to their success. 

Download

IRIS Risk Retina for Nonprofits

Data to support NPO’s cyber risk quantification

IRIS Risk Retina® is a service derived from our IRIS research that provides real-world data to support cyber risk quantification. This Risk Retina contains key risk parameters for annualized event frequency and loss magnitude as well as common incident patterns that historically impact nonprofit organizations. Nonprofits face many challenges, and we hope this report makes managing cyber risk a little less fraught with uncertainty.

Download

IRIS Tsunami

The wake of damage following large multi-party incidents

We studied the 50 largest multi-party incidents over the past several years to understand their causes and consequences from beginning to end. This report identified cyber events involving multiple organizations and sought to understand who was behind them, what happened, how the after-effects propagated through the supply chain, and the financial losses for all parties involved.

Download

IRIS 20/20 Xtreme

Analyzing the 100 largest losses of the last 5 years

The Information Risk Insights Study (IRIS) 20/20 “Xtreme” edition continues the IRIS series with in-depth analysis of the 100 largest cyber loss events of the last 5 years. If you’re looking for stats on how often major security incidents occur, how much they cost, what makes them worse, who’s behind them, and how they go down, then this is the study for you! Click the tab below for a sample of what’s in store in the full report.

Download

IRIS 20/20

A Clearer Vision for Assessing the Risk of Cyber Incidents

The IRIS 20/20 aims to clear the fog of FUD surrounding cyber risk and help managers see their way to better data-driven decisions. This first-of-its-kind study leverages a vast dataset from Advisen spanning tens of thousands of breaches over the last decade. Our extensive analysis of that dataset yields valuable insights about the frequency and financial impact of cyber incidents to organizations of all types and sizes. Click the tab below for a taste of what’s in store in the full report.

Download

Want to focus the IRIS on your own organization?

Great news – Our new IRIS Risk Retina service does exactly that!

The foundation of IRIS Risk Retina is an analytical report that includes key risk parameters and common incident patterns specific to your sector. Then you can choose from additional reports from our library that target risk dimensions most relevant to your organization. Best of all, you get your Risk Retina right away for a low flat fee. If you’d like to know exactly what this looks like, check out this Risk Retina for the Nonprofit industry.