Last Update: 2025-04-05

(DRAFT) This is a list of threat and risk reports curated by The Cybersecurity Librarian. This is the list of annual and periodic reports I read to keep informed on changes in the threat landscape and to forecast threats for the coming months. It is updated annually.

Overview

If you work in cybersecurity, you face a difficult reality: constantly changing threats. What worked to defend your organization last year (or month) may not work today. Your adversaries partially dictate your operational tempo. When they innovate, you must match their pace or you will be left unaware of your vulnerability and exposure.

A constantly changing threat landscape frequently means that no cybersecurity program is complete and there is always too much to do. To succeed, you will necessarily need to set priorities based on “threat-risk”: estimates of the likelihood that a threat could have a material impact on you in the near future.

But how do you stay informed as to what threats are relevant to you? Which should be viewed as a risk that requires mitigation in the near-term? That is where having a well-curated list of threat reports helps.

I use this list to keep myself informed and adjust my understanding of shifts in the threat landscape annually.

Categories of Report

I categorize these reports using several dimensions:

  1. Frequency of Publication
  2. Type of Publisher
  3. Scope of Report
  4. Focus of Report

Frequency of Publication

This list is intended for strategic insights. I only include reports that are published infrequently: annually or quarterly. This gives you a look back at past activity so you can look for patterns that might indicate a trend.

Should you track sources more frequently? Yes, but daily, weekly, and monthly reports forecast threats that require immediate operational or tactical adjustments. You need a collection process for that: your sources will change frequently.

Where possible, I include the rough time-of-year when annual reports are expected. Some are predictably published in specific months or quarters. It helps to know when to go looking!

Type of Publisher

It helps to understand the bias and context of each report. Commercial vendors often publish reports. Despite being marketing tools, certain vendors have unprecedented or unique insight into threats. Government organizations also supply reports, but the context or scope may bias their view: do they only analyze Nation-based cyber-espionage and ignore cybercrime? Do they only focus on fraud that targets individuals?

Scope of the Report

The scope of the report is important. Some have a global focus, others are limited to a specific customer base or Nation. I have no fixed vocabulary for these, but I attempt to identify the scope.

Focus of the Report

You should have some diversity in your curated list. You need to consider cybercrime, geopolitics, IT/OT, cyberwar, fraud, etc. So I identify the focus as best I can, so that I can later consider whether I have enough sources for each of my priority requirements.

Curated List of Reports

PIRs/Identified Topics:

  • Cloud Threats
  • Software Supply Chain
  • Ransomware-as-a-Service
  • Nation-aligned cyber-attacks
  • Post-quantum Threats
  • Mobile Threats

Threats that target various assets:

  • Cloud
  • Mobile
  • Endpoint
  • Web Applications
  • Network Services
  • Encrypted Data (Network and Storage)
  • People
  • Software Applications

Annotated Bibliography

Verizon Data Breach Investigations Report (DBIR).
This is one of the longest running cybersecurity reports available. It uses the VERIS Vocabulary to classify incidents. It provides a common basis with which you can compare your own incidents and other reports.
World Economic Forum Global Risk Report
Based on the Global Risks Perception Survey, whose participants include a wide variety of organizations across the globe, this provides unique insight into the evolving risk landscape. It is not cybersecurity specific and therefore gives us insight into where cybersecurity should be prioritized relative to other business risks.
World Economic Forum Global Cybersecurity Outlook
The World Economic Forum’s Global Cybersecurity Outlook 2025, written in collaboration with Accenture, examines the cybersecurity trends that will affect economies and societies in the year to come. The report explores major findings and puts a spotlight on the complexity of the cybersecurity landscape, which is intensified by geopolitical tensions, emerging technologies, supply chain interdependencies and cybercrime sophistication.
Crowdstrike Global Threat Report
Crowdstrike has remarkable access to real-world attack data, both from their Falcon product and from their threat hunting and incident response practices. They are a leading Incident Response provider, and each year they investigate some of the biggest, and smallest, threats.
Cisco Talos Year in Review
Cisco Talos’ Year in Review reveals insights into how cyber criminals carried out their campaigns, and what made an attack successful. Read about threat actor activities across topics including top targeted vulnerabilities, network-based attacks, email threats, adversary toolsets, identity attacks, multi-factor authentication abuse, ransomware, and AI-based threats.
Department of Homeland Security Threat Assessment
This report covers cyber and non-cyber threats. It represents the USA nexus of threat, filtered through the lens of government policy. It should be checked for bias and omissions given the current US government climate.
ENISA Threat Landscape Reports
ENISA publishes several reports that include cyberthreat coverage. These are seen through the European nexus of threat. Their Foresight Cybersecurity Threats provide a unique longer time frame of forecasting. They also have a report specific to the Finance Sector.
FBI Internet Crime Complaint Center (IC3) Reports
The FBI operates the Internet Crime Complaint Center, which receives reports of cybercrime from US Citizens. Their annual reports give insight into the crimes that affect individuals, not just businesses. Most other reports are biased toward espionage, cyberwar, and cybercrime targeting organizations. These reports provide a balancing perspective on the individual’s nexus-of-threat.
RedCanary Threat Detection Report
RedCanary is a leading Managed Security Provider and has visibility into a large number of cyberattacks. Further, they have an outstanding threat intelligence team.
Mandiant M-Trends Report
Like Crowdstrike, Mandiant has unprecedented visibility into cyberattacks of all sizes. They have a long track record of tracking Nation-sponsored cyber attacks against Western countries.
Flashpoint Global Threat Intelligence Report
Not on my list for high priority.
Google Cybersecurity Forecast
Google now owns Mandiant, but also has its own cybersecurity teams. This report provides insights from their Cloud security marketing. It includes insights into AI and Cloud threats. Note: this is published by the Google Content Marketing team; it is not from one of their intelligence units. A sales bias should be assumed.
Google Cloud Threat Horizons Report
Published twice a year, this report is specific to Cloud security threats and names specific actors known to launch real world cloud attacks.

RecordedFuture Cyber Threat Analysis Report

Microsoft Digital Defense Report

Sophos Threat Report
Sophos Active Adversary Report
Now in its fifth year of publication (as of 2025), Sophos provides excellent analysis of cyber attacks. While they are not the biggest security software provider, they have excellent threat intelligence.
Reliaquest Annual Threat Report
Reliaquest has purchased and developed a number of threat intelligence platforms and services. While they lack the scope of other intelligence services, they have timely coverage of major trends in cyber attacks.

FIRST Vulnerability Forecast

Uptycs Threat Bulletin
Arguably an authority on cloud cyber attacks.

ISACA State of Privacy
https://www.isaca.org/resources/reports/state-of-cybersecurity-2024
https://www.fairinstitute.org/blog/takeaway-from-isaca-report-cybersecurity-needs-new-quantitative-focus

FS-ISAC
https://www.fsisac.com/navigatingcyber2024
https://www.fsisac.com/hubfs/Knowledge/NavigatingCyber/2024/FSISAC-NavCyber24-Report.pdf

Canadian Centre for Cyber Security Cyber Threat Assessment

https://www.cyber.gc.ca/en/guidance/baseline-cyber-threat-assessment-cybercrime
https://www.cyber.gc.ca/en/guidance/threat-large-language-model-text-generators

Intel 471 Cyber Threat Report
Intel 471 leads on threat intelligence processes and frameworks. They also have outstanding visibility into cyber criminal networks and forums.

Akamai
Palo Alto
SiloBreaker
Huntress Threat Report
IBM X-Force Threat Intelligence Index
IBM X-Force Cloud Threat Landscape Report
Crowdstrike Threat Hunting Report
Veracode State of Software Security
Accenture State of Cybersecurity Resilience
ISC2 Cyberthreat Defense Report
Deloitte Future of Cyber Survey
Proofpoint Voice of the CISO Report
KnowBe4 Cybersecurity Culture Report
PwC Global Digital Trust Report
Splunk State of Security
Verizon Mobile Security Index
Snyk State of Open Source Security
Checkmarx State of Software Supply Chain Security
Crowdstrike SaaS Security Posture Management
ISC2 Cloud Security Report
Palo Alto State of Cloud Native Security Report
Google Cybersecurity Forecast 2025
Cobalt State of Pentesting
HackerOne Hacker Powered Security Report
Proofpoint Data Loss Landscape

Research Sources

This section is a list of sites and search strategies I use to discover new sources for potential inclusion in this list. Every year there are new sources.

https://github.com/jacobdjwilson/awesome-annual-security-reports
https://github.com/hslatman/awesome-threat-intelligence

Obtaining Access to Private Sources

Some of the sources listed here require subscriptions or membership in private groups. When that is true, I will clearly identify the source and provide a footnote on how to obtain access or membership.

Gartner

FS-ISAC

Canadian Centre for Cyber Security (CCCS)

ISACA