Cyentia Institute Research
Browse this collection of publications that showcase our commitment
to producing valuable research for the cybersecurity community.
-
State of Pentesting Report 2026
Partner: Cobalt Security
Every organization running a security program has a theory about how exposed they are to risk, but this report is about what the data actually shows. Drawing on results from thousands of penetration tests and a qualitative survey of 450… -
2026 State of Software Security
Partner: Veracode
Innovation and risk are inseparable, but the 2026 State of Software Security (SoSS) report illuminates a sobering reality: flaw creation is decisively outstripping remediation capacity. The accumulation of “security debt”—known vulnerabilities left unresolved for more than a year—is now a… -
2025 Ripples Across the Risk Surface
Partner: RiskRecon by Mastercard
Our actions impact those around us, and in cybersecurity, an incident at one organization rarely stops at its perimeter. When one firm’s security failure propagates to impact third parties, we call it a “ripple event”. This 2025 study analyzes more… -
Risky Business
Partner: Living Security
Every cybersecurity leader knows that employees represent both their most critical exposure and their most valuable asset. This report meets that challenge head-on by analyzing data from the Human Risk Management (HRM) programs of over 100 organizations. It moves past… -
IRIS 2025
Partner: CISA
Information Risk Insights Study 2025 Inside the Shifting Threat Landscape IRIS 2025 analyzes long-term cyber incident patterns to show where risk is increasing, where it’s fading, and where new exposures may emerge. These insights help organizations move beyond headlines to… -
2025 State of Pentesting Report
Partner: Cobalt Security
Knowledge is power, and in security, that power must be derived from actionable insights rather than assumptions. This 2025 edition of the State of Pentesting examines the results of thousands of tests conducted via the Cobalt Offensive Security Platform to… -
Global 2000: Supply Chain Cyber Risk
Partner: SecurityScorecard
Companies among the Forbes Global 2000 stand at the forefront of economic output and influence. Collectively accounting for $51.7 trillion in revenue, these corporate giants underscore their critical role in the global economy. However, with great economic power comes great… -
2025 State of Software Security
Partner: Veracode
Realizing progress in software security requires a risk-based perspective that moves beyond traditional patching to focus on exploitable feedback loops. This 15th volume of the State of Software Security (SoSS) analyzes 1.3 million applications to establish a new benchmark for… -
Exposing Human Risk
Partner: Mimecast
In our current cybersecurity environment, where threat actors carry snazzy monikers like ‘Volt Typhoon’ and ‘Dark Scorpius’, it’s unfortunate that everyday users often get overlooked or underestimated in cyber risk assessments. But ask security leaders about what keeps them up… -
IRIS Ransomware
Partner: CISA
IRIS Ransomware A data-driven analysis of thousands of ransomware incidents designed to replace fear and uncertainty with clear insights that help organizations strengthen their defenses. Understanding the True Impact of Ransomware Supported by CISA, this IRIS report analyzes more than…
Want to commission Cyentia research?
Great! Let’s explore ways we might work together to create impactful content. Tell us a bit about what you’re looking for, and we’ll reach out to set up a discussion.