Cyentia Institute
Axio and Cyentia Institute join forces to boost data-driven cyber risk quantification for enterprises
Axio announced a new joint initiative with Cyentia Institute, a research and data science firm with a mission to advance knowledge in the cybersecurity industry. Together, …
High-risk users may be few, but the threat they pose is huge
High-risk users represent approximately 10% of the worker population and are found in every department and function of the organization, according to Elevate Security …
50% of organizations have indirect relationships with 200+ breached fourth-party vendors
98 percent of organizations have vendor relationships with at least one third-party that has experienced a breach in the last two years, according to SecurityScorecard and The …
70% of apps contain at least one security flaw after 5 years in production
Veracode revealed data that could save organizations time and money by helping developers minimize the introduction and accumulation of security flaws in their software. Their …
Only 10% of vulnerabilities are remediated each month
A research from SecurityScorecard and The Cyentia Institute revealed only 60% of organizations have improved their security posture despite a 15-fold increase in cyber-attacks …
A multi-party data breach creates 26x the financial damage of single-party breach
Cyentia Institute and RiskRecon released a research that quantifies how a multi-party data breach impacts many organizations in today’s interconnected digital world. The study …
When exploit code precedes a patch, attackers gain a massive head start
Cybersecurity researchers that publicize exploit code used in cyberattacks are giving a clear and unequivocal advantage to attackers, new research conducted by Kenna Security …
Security awareness training doesn’t solve human risk
Traditional employee risk mitigation efforts such as security awareness training and phishing simulations have a limited impact on improving employees’ real-world …
Risk-based vulnerability management has produced demonstrable results
Several years ago, risk-based cybersecurity was a largely untested and hotly debated topic. But the tests have since been administered and the debate largely settled: …
The current state of third-party risk management
Third-party risk management (TPRM) professionals increasingly do not trust that security questionnaires provide sufficient information to properly understand and act on their …
The effectiveness of vulnerability disclosure and exploit development
New research into what happens after a new software vulnerability is discovered provides an unprecedented window into the outcomes and effectiveness of responsible …
Companies continue to expose unsafe network services to the internet
33% of companies within the digital supply chain expose common network services such as data storage, remote access and network administration to the internet, according to …