burger menu

IT Research Finder Awards 2019

Best Free Reports on Cyber Security

The IT Research Finder award jury has selected the following winning reports from hundreds of English-language reports that were published in 2019 on the topic of cyber security and are available at no cost to the general public.


Bashe attack: Global infection by contagious malware by Cyber Risk Management in collaboration with the Cambridge Centre for Risk Studies, Lloyd's, Aon Centre for Innovation and Analytics, MSIG, and SCOR TransRe

This year’s winner in the jury’s assessment is the CyRiM project with its report “Bashe attack: Global infection by contagious malware”.The report is a fictionalized, very detailed account of a massive, global cyber attack that has a catastrophic impact across the world economy and leads to massive economic losses. The strength of this winning report is that it’s an utterly shocking case study that demonstrates how vulnerable the world has become to cyber crime. This report is an excellent read and conveys a very strong message to all companies and governments – big or small: Be prepared! (Download report


State of the Phish by Proofpoint

The second place report is “State of the Phish” by cyber security company Proofpoint. The report has a very strong empirical underpinning: it is based on tens of millions of simulated phishing e-mails that were sent out to test users’ responses, a survey of 18,000 infosec professionals and an additional survey of 7,000 working adults across seven countries to test the awareness of the average end user. The report gives a very detailed and data-rich picture of the extent of the end-user risk regarding phishing and social engineering attack. In addition, the report vividly describes information security professionals’ experience and how phishing impacts organizations. (Download Report). 


Managing Enterprise Risk in a Digitial World by BakerHostetler

Sharing second place is a report by BakerHostetler titled “Managing Enterprise Risks in a Digital World”. This research is based on 750 real-life incidents which were handled by the law firm in 2018. The report highlights the collision of data security, privacy and compliance with their often conflicting objectives and regulations. But the report also stresses the basic steps of cyber security hygiene that every firm should follow. This report shows how cyber security plays out in the trenches of real organizations and gives excellent guidelines for any organization that has to deal with the ever increasing cyber crime wave in a tight framework of regulation and compliance demands. (Download report)


Leading reports stress the grave danger of cyber attacks but also show how to navigate the risks

In this year’s evaluation of free cyber security reports the jury saw hundreds of excellent, thorough research reports with full and free access available to a general audience, but the winning reports also provided a deeper understanding of how to handle the risks in a world full of uncertainties. They all convey a clear message: Cyber security is not only about the known unknowns, but more importantly about the unknown unknowns. Any executive has to factor this in and these reports are a good compass. 

IT Research Finder’s award jury distills one key message from all the winning reports: Cyber security, with its sister topics privacy and compliance, are looming large over the corporate world. It is critical to handle these topics on a strategic level. No CEO will be able to close their eyes to these threats. Reading these three reports will be a good start to getting involved.


Rating Methodology:

The award jury selected the winning reports from hundreds of English-language reports that have been published in 2019 on the topic of Security and are available at no cost to the general public. The three members of the jury panel are independent IT analysts with decades of research experience, and they have no connection to the publishers of the reports. 

The awards are based on the following criteria:

  • Quality of the research methodology and empirical data (30%)
  • Clear message and practical conclusions (20%)
  • Understandable, concise language (20%)
  • Innovative design and data visualization (20%)
  • Contribution to sustainable and ethical business practices (10%)