Pages
- [2025] Home
- About
- All Blog Posts
- Blog
- Contact
- Episodes
- EPSS A Visual Exploration of Exploits in the Wild
- Events
- Full Privacy Policy
- Home
- Information Risk Insights Study (IRIS)
- IRIS Ransomware
- IRIS Threat Event Analysis
- Library
- Multi Source Analysis of Top MITRE ATT&CK Technique
- Original Research Publications
- Our Clients
- Podcast
- Press
- Privacy Policy
- Services
- Sitemap
- Sponsor
- Thought Leadership
- Unveiling the IRIS 2022
Posts
Analysis
- 2023 Highlights! A Year in Review
- ¾ of Century of Cybersecurity Solitude
- A Deep Dive into the Manufacturing Sector
- Addressing Cybersecurity's Top Challenges & Providing Unique Advantages
- Application Security and "Typical" Fix Times
- Application Security and Burstiness
- Back to the TVaR
- Bridging 18y Studying Cyber Risk in Supply Chains
- Call for Sponsors: 2025 IRIS Xtreme
- Call for Sponsors: Meta-Study on ATT&CK techniques
- Call for Sponsors: Sector-Focused Risk Retina
- Championing Cybersecurity Progress: How You Can Contribute
- Cisco Security Outcomes Study Methodology Post II: The Rise of Item Response Theory
- Cisco Security Outcomes Study methodology post! Attention Stats Nerds!
- Communicating Risk: Loss Exceedance Curves
- Connecting Minds, Shaping Futures: Join our Research Panel!
- Cyber Frights and Delights in Nation Cybersecurity Awareness Month
- Cyber Risk in Healthcare: A Comprehensive Analysis with IRIS Risk Retina for the Healthcare Sector
- Cyentia Monthly: Cyber Risk Chronicles, July
- Demystifying Data: Dive into Cyentia's Research Library
- Does Cyber Threat Intelligence Raise Our Intelligence? Unveiling the Surprising Connection
- Don't fear the smoother
- Enhance Your Risk Management: Exploring Nth-Party Complexities in Our Latest Report
- Enhanced Marketing Strategies: Cyentia's Insights for Healthcare and Recent Cybersecurity Incidents
- Enhancing Threat-Driven Remediation: Prioritizing Vulnerabilities with Exploit Intelligence
- EPSS version 2 is out!
- Exploring Common Attack Techniques, Their Impact in Cybersecurity & the Criticality of Expert Analysis
- Exploring Exploit Intelligence Service (EIS): Tracking Exploit Code
- Exploring Insights from "Multi-Source Analysis of Top MITRE ATT&CK Techniques"
- Finally - A Properly Sampled Security Survey
- Finding (san)Key Protections Against Ransomware
- Finding the Sweet Spot
- Future Trends in Ransomware Defense Across Sectors
- Gain Confidence with Confidence Intervals
- Gobble Up These 10 Insights for a Happy Cyber Thanksgiving!
- I Once Called Vuln Researchers NVPs; Are They MVPs Instead?
- IRIS Tsunami - Lessons from 50 of the largest multi-party cyber incidents
- Jack Freund Joins Cyentia to Expand Risk Analysis Services
- Looking Back on 2021
- Measuring Ransomware, Part 1: Payment Rate
- Measuring Ransomware, Part 2: Ransom Demands
- Measuring Ransomware, Part 3: Prevalence
- Nine Years of Turning Data Into Decisions
- Patching Is *Much* Slower Without Vendor Support
- Patching, Fast and Slow
- Paying Ransoms & Information Asymmetry
- Probability of Zero-Day Co-Discovery at Scale
- Quantify, Analyze, Protect: IRIS Risk Retina Reports for Effective Cyber Risk Management
- Ransomware's Heavy Toll Across Industries
- Revisiting GitHub as a Source for Exploits
- Revisiting the Ripple Effect in Breaches - What's Making Waves in 2021?
- Salving Human Risk in Cybersecurity
- Santa's Data Breach Debacle
- Secure Your Future with the IRIS Risk Retina® for the Finance Industry
- Size Matters: Ransomware Impact on Different Organization Sizes
- Stranger Threats: One Attack Can Change Everything
- Strengthening Industry Security: The New SEC Ruling
- Supply Chain Multiplicity: Not as sharp as the original
- Survival in Application Security
- Ternary plots for visualizing (some types of) 3D data
- The Death of Infosec Twitter
- The Hidden Complexity of Vulnerability Remediation: Bridging the Gap between Data and Common Advice
- The Pithy P2P: 5 years of vulnerability remediation & exploitation research
- Transforming Cyber Threat Intelligence into Security Action with MITRE ATT&CK
- Understanding the Need for Timely Vulnerability Remediation
- Understanding Threats with the Information Risk Insights Study's Risk Retina Threat Event Analysis
- Unlocking the Global Impact of Ransomware: Insights from the IRIS Ransomware Report
- Unmasking the Human Risk: Why Salespeople and Executives Are Prime Phishing Targets
- Visualizing the Value of Attack Path Choke Points for Prioritization
- Vulnerability at the Crossroads – Ransomware in Education and Transportation
- What are the Biggest Security Exposures?
- What Matters More in Software Security - Nature or Nurture?
- Who Has the Advantage - Attackers or Defenders?
- Who's Our Biggest Source of Cyber Risk: Outsiders or Insiders?
- Why does EPSS score some CVEs on the KEV so low?
- Why your MTTR is Probably Bogus
IRIS
- A Deep Dive into the Manufacturing Sector
- Axio and Cyentia Institute Partner, Enhancing Data-Driven Cyber Risk Quantification for Organizations Across the Globe
- Call for Sponsors: Sector-Focused Risk Retina
- Cybersecurity Unleashed: A Powerful Partnership to 'Byte' at the Threats Together!
- Future Trends in Ransomware Defense Across Sectors
- Looking back at 2024
- Mastering Cyber Risk: Strategies for a Secure Future
- Press Release: Information Risk Insights Study (IRIS) Risk Retina® Threat Event Analysis
- Press Release: Information Risk Insights Study - Ransomware
- Ransomware's Heavy Toll Across Industries
- Size Matters: Ransomware Impact on Different Organization Sizes
- Strengthening Healthcare Security: Optimizing Vulnerability Remediation with IRIS Risk Retina
- The Hidden Threats in the Skies: Cybersecurity Lessons from Recent Aviation Crises
- The IRIS Threat Event Analysis is Coming Soon!
- Vulnerability at the Crossroads – Ransomware in Education and Transportation
- We spill the Tea on Threat Event Analysis!
News
- A Deep Dive into Cybersecurity Behaviors
- And we’re live!
- Axio and Cyentia Institute Partner, Enhancing Data-Driven Cyber Risk Quantification for Organizations Across the Globe
- Call for Participation: 2018 Cyber Balance Sheet
- Call for Sponsors: Inaugural Exploit Prediction Annual Report
- Cybersecurity Unleashed: A Powerful Partnership to 'Byte' at the Threats Together!
- Cyentia Institute Named A Contributor to Verizon's 2024 Data Breach Investigations Report (DBIR)
- Cyentia Podcast
- Cyentia Starting a Study and Seeking SOCs
- Elevate Your Vulnerability Management: Harnessing the Power of EPSS
- EPSS version 2 is out!
- GitHub: A Source for Exploits
- Help Save the Cybersecurity Research Library!
- Introducing Cyentia's new data scientist
- Introducing the Cyentia Library
- IRIS 20/20 Webinar - Audience Questions
- IRIS 20/20 Xtreme Webinar - Audience Questions
- Looking back at 2024
- Press Release: A Visual Exploration of Exploits in the Wild - The Inaugural Study of EPSS Data and Performance
- Press Release: Information Risk Insights Study - Ransomware
- Re-introducing the Cyentia Research Library
- Seeking Sponsor for Study on Extreme Cyber Loss Events
- The Hidden Threats in the Skies: Cybersecurity Lessons from Recent Aviation Crises
- The IRIS Threat Event Analysis is Coming Soon!
- The State of Third-Party Risk Management with Risk Recon
- The Year of Maturity and Risk-Based Resilience
Press Releases
- Axio and Cyentia Institute Partner, Enhancing Data-Driven Cyber Risk Quantification for Organizations Across the Globe
- Cyentia Institute Publishes Groundbreaking Research on the Frequency and Cost of Breaches
- Cyentia Institute Publishes IRIS Tsunami: Lessons from 50 of the largest multi-party cyber incidents
- Cyentia Institute Publishes IRIS Xtreme on the 100 Largest Cyber Loss Events
- New Research: Balancing Third-Party Risk
- New Research: Close Encounters of the Third & Fourth Party Kind Subsector Reports
- New Research: Mitigating Ransomware's Impact
- New Research: Navigating the Paths of Risk - The State of Exposure Management in 2023
- New Research: Reining in Ransomware
- New Research: Road to SecOps Maturity
- New Research: Striking Security Gold
- New Research: Voice of the Analyst Study
- New Webinar: Elevate Security and Cyentia Institute Release Third Annual Research Study on User Risk
- Press Release: A Visual Exploration of Exploits in the Wild - The Inaugural Study of EPSS Data and Performance
- Press Release: Information Risk Insights Study (IRIS) Risk Retina® Threat Event Analysis
- Press Release: Information Risk Insights Study - Ransomware
- Prioritization to Prediction, Vol. 9: Role of the known exploited vulnerability catalog in risk-based vulnerability management
Report
- A Deep Dive into Cybersecurity Behaviors
- Application Security and "Typical" Fix Times
- Application Security and Burstiness
- Bridging 18y Studying Cyber Risk in Supply Chains
- Call for Sponsors: Inaugural Exploit Prediction Annual Report
- Elevate Your Vulnerability Management: Harnessing the Power of EPSS
- Exploring Insights from "Multi-Source Analysis of Top MITRE ATT&CK Techniques"
- Finding (san)Key Protections Against Ransomware
- I Once Called Vuln Researchers NVPs; Are They MVPs Instead?
- Internet Risk Surface in the Financial Sector
- IRIS 20/20 Webinar - Audience Questions
- IRIS 20/20 Xtreme Webinar - Audience Questions
- IRIS Tsunami - Lessons from 50 of the largest multi-party cyber incidents
- New Research: Balancing Third-Party Risk
- New Research: Close Encounters of the Third & Fourth Party Kind Subsector Reports
- Paying Ransoms & Information Asymmetry
- Press Release: A Visual Exploration of Exploits in the Wild - The Inaugural Study of EPSS Data and Performance
- Press Release: Information Risk Insights Study (IRIS) Risk Retina® Threat Event Analysis
- Prioritization to Prediction, Vol 3: Wade’s Take
- Prioritization to Prediction, Vol. 9: Role of the known exploited vulnerability catalog in risk-based vulnerability management
- Salving Human Risk in Cybersecurity
- Strengthening Healthcare Security: Optimizing Vulnerability Remediation with IRIS Risk Retina
- The State of Third-Party Risk Management with Risk Recon
- The Year of Maturity and Risk-Based Resilience
- Visualizing the Value of Attack Path Choke Points for Prioritization
- We spill the Tea on Threat Event Analysis!
- What Matters More in Software Security - Nature or Nurture?
- Who Has the Advantage - Attackers or Defenders?
© Copyright 2025 Cyentia Institute