Cyentia Institute Forges Path to Enhanced Cyber Risk Assessment with Information Risk Insights Study (IRIS) Risk Retina® Threat Event Analysis

Leesburg, Virginia — August, __  2023 — The Cyentia Institute, known for its exceptional work in cybersecurity research, proudly announces a significant leap forward in the realm of cyber risk assessment with the launch of IRIS Risk Retina® Threat Event Analysis. This special edition of Risk Retina®, developed in collaboration with Advisen, presents a meticulously crafted, data-driven view of threat events that constitute cybersecurity incidents.

Traditional threat event analysis often relies on anecdotes and conjecture, leaving cybersecurity professionals grappling with a lack of concrete data. In response to this challenge, IRIS Risk Retina® Threat Event Analysis dives into a decade of historical threat events, shedding light on the frequency and impact of common threat scenarios, actors, and techniques.

“Our goal is to offer a clearer, more data-driven perspective to support cyber risk assessments,” says the Cyentia Institute. “We recognize that threat event analysis is frequently obscured by hyperbole. With IRIS Risk Retina® Threat Event Analysis, we aim to demystify this critical aspect of cybersecurity.”

To ensure the utmost accuracy and comprehensiveness, Cyentia Institute partnered with Advisen, harnessing their Cyber Loss Data, which includes a staggering 150,000 historical cyber events collected from publicly verifiable sources. This dataset is widely recognized and leveraged by numerous cyber insurers and reinsurers, solidifying its status as the most comprehensive incident dataset available.

Complementing Advisen’s data, Cyentia Institute contributes supplemental research, employs cutting-edge data science techniques, and leverages security expertise to deliver the extensive analysis presented in this Risk Retina.

Information Risk Insights Study (IRIS) Risk Retina® Threat Event Analysis offers a detailed exploration of incident patterns, threat actors, financial impacts, actor trends across sectors and sizes, threat actor varieties, threat actions (including ATT&CK TTPs), VERIS Action Categories, ATT&CK Tactics & Techniques, top initial access techniques, post-compromise techniques, data exfiltration and impact techniques, compromised assets and attributes, and much more.

Key takeaways from the report include:

  • Insiders are responsible for less than 2% of reported financial losses but 40% of data records compromised.
  • 98% of all financial losses from cyber events involve the compromise of valid account credentials.
  • Breaches of personally identifying information (PII) are most common, but loss of corporate financial assets are far more costly (nearly half of all reported losses).
  • Servers are compromised 3x more often than user devices and lead to over 10x the amount of financial losses.

Structured around the “4 A’s” of the VERIS threat model—actors, actions, assets, and attributes—this analysis translates the narrative of “who did what to what (or whom) with what result?” into a format suitable for comprehensive sharing and analysis. ATT&CK is used to provide an in-depth view of common adversary techniques, going beyond VERIS threat action categories.

With the IRIS Risk Retina® Threat Event Analysis, the Cyentia Institute is raising the bar in cyber risk assessment, empowering organizations to make informed decisions and fortify their defenses effectively. This effort underscores the importance of data-driven insights in managing today’s cybersecurity risks.

For further information and to access IRIS Risk Retina® Threat Event Analysis, visit here.

About the Cyentia Institute:

The Cyentia Institute is a premier research and data science firm working to advance cybersecurity knowledge and practice. We accomplish that goal by collaborating with security companies to publish data-driven reports on a range of topics and through analytic services that help organizations manage cyber risk. For more information visit our Thought Leadership page.


Press Contact:

Carolyn Gimarelli
Digital Media Coordinator
[email protected]

The Cyentia Institute

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.