In this episode, I sit down with longtime industry researcher Wade Baker to dive into Cyentia's latest IRIS report. The report provides a data-driven look at incident trends, impacts, costs, and more.

Are cyber incidents becoming more or less frequent? Are specific industries doing better than others? What does the average incident impact actually look like?

Tune in to learn the answers, along with many other interesting insights!

The report found that the number of security incidents continue to climb YoY, which isn’t a surprise, although there has been peaks and valleys throughout various periods, note the huge uptick in 2021~

Similar to recent reports such as DBIR and M-Trends, application exploitation (e.g., system intrusion) is climbing. In contrast, methods such as physical threat and others have declined due to increased cloud adoption, virtual infrastructure, and so on.

One finding that may surprise some is that the proportion of incidents is going down for some organizations, particularly the largest enterprises, while it is going up for SMBs and smaller organizations. This ties to concepts such as the cybersecurity poverty line, which I have discussed in other articles, such as with 

Ross Haleliuk

 in our article “Lifting the world out of cybersecurity poverty.”

This is likely due to factors such as large enterprise organizations having robust security teams, larger budgets, being able to afford the latest security tooling and more, while SMB’s often fail to have many of these and deal with resource constraints in both dollars and expertise.

We also see sectors which had historically low incidents now climbing, likely due to factors such as increased adoption of software and being digitally connected, as well as being a previously untapped sector for attackers