The Information Risk Insights Study (IRIS) Series
Cyber risk quantification has been plagued by FUD (fear, uncertainty, and doubt) for far too long and our research series, the Information Risk Insights Study, is dedicated to clearing away these fears by leveraging real-world data and rigorous analysis focused on key aspects and challenges of managing cyber risk. We’re incredibly grateful to our partners and sponsors for making the IRIS research possible.
The Information Risk Insight Study Suite
IRIS Tsunami
We studied the 50 largest multi-party incidents over the past several years to understand their causes and consequences from beginning to end. This report identified cyber events involving multiple organizations and sought to understand who was behind them, what happened, how the after-effects propagated through the supply chain, and the financial losses for all parties involved.
IRIS Xtreme
The Information Risk Insights Study (IRIS) 20/20 “Xtreme” edition continues the IRIS series with in-depth analysis of the 100 largest cyber loss events of the last 5 years. If you’re looking for stats on how often major security incidents occur, how much they cost, what makes them worse, who’s behind them, and how they go down, then this is the study for you!
IRIS 2022
Since its original release in 2020, the Information Risk Insights Study has expanded upon its extensive analysis of a huge historical dataset in the IRIS series, shining light on topics like extreme loss events and massive multi-party incidents.
IRIS Ransomware
Ransomware remains a dominant force in the cybersecurity landscape, inciting significant concern across industries. Regular headlines underscore the catastrophic effects of these attacks, underscoring the vital need for robust defenses and informed decision-making. Our Information Risk Insights Study on Ransomware aims to transform the prevalent fear, uncertainty, and doubt (FUD) into a proactive stance of awareness, preparedness, and resilience. By presenting clear, data-driven insights, we guide organizations from uncertainty to strategic, informed action.
IRIS 20/20
The IRIS 20/20 aims to clear the fog of FUD surrounding cyber risk and help managers see their way to better data-driven decisions. This first-of-its-kind study leverages a vast dataset from Advisen spanning tens of thousands of breaches over the last decade. Our extensive analysis of that dataset yields valuable insights about the frequency and financial impact of cyber incidents to organizations of all types and sizes.
IRIS Threat Event Analysis (T.E.A.)
Offering a detailed exploration of incident patterns, threat actors, financial impacts, actor trends across sectors and sizes, threat actor varieties, threat actions (including ATT&CK TTPs), VERIS Action Categories, ATT&CK Tactics & Techniques, top initial access techniques, and much more.
With the IRIS Risk Retina® Threat Event Analysis, the Cyentia Institute is raising the bar, empowering organizations to make informed decisions and fortify their defenses effectively.
