Our team does annual research into root causes of cybersecurity incidents, and addresses the human element in cause and effect of these incidents. Besides summing up our findings in a publicly available report, we also use this information for trainings and conversations with clients and peers.
There is however a lot more information that we gather, but have not published (yet). For example, did you know that 8 out of 10 companies we investigated had cybersecurity policies and were compliant with these policies? Shocking, isn’t it? But there is more. 10 out of 10 companies we investigated had postponed recommended cybersecurity measures. 9 out of 10 had reduced they budgets for security measures prior to the incident, and significantly increased budgets after the incidents…!
We are having internal conversations about the format and content of our next report which will cover our findings for the cybersecurity incidents that occurred during 2021. One proposal is to highlight the findings we have not published so far.