Research

Cyber Awareness: Kickstart your security culture
Trusted insights in an easy-to-share format designed to accelerate CISOs and their team's ability to build a resilient security culture.
Download now
ISF: Your first line of defence in safeguarding your organisation
A resource centre with digital and downloadable resources dedicated to supporting your organisation in its journey to become resilient by design.
Read more
ISF: Your first line of defence in supplier security risk management
A lot of organisations have outsourced to a third party and so they feel as…
Read more
ISF: Your first line of defence in incident response management
A dedicated resource centre showcasing ISF resources to support organisations in preparing for and recovering from business disruption events.
Read more
Department Finance Benchmark 2024
Make informed decisions and drive cost-effectiveness with powerful C-suite department benchmarking data from 200 global organisations.
Read more
Leadership Insights: Exploring the role of the Business Information Security Officer (BISO)
Discover how BISOs can support your ambitions to better connect security with the business and instil a strong security culture.
Read more
Manage Emerging Threats in 2024
Discover the critical threats to expect this year and how to present them in terms that the business can understand and act on in.
Read more
Leadership Insights: Unlocking the business value of security
Explore the historic business perceptions holding back security, and discover steps security leaders can take to accelerate positive change.
Read more
ICS Insights:
Challenging Manufacturers
Has your organisation considered the viable actions to reduce the risks posed if manufacturers are not carefully assessed and managed?
Read more
Embedding Security into Agile Development: Ten principles for rapid improvement
Agile software development methods are proving a better match for today's demanding business environments than…
Read more
Threat Horizon 2025: Scenarios for an uncertain future
Examine multiple contextual scenarios to help set strategies, prepare for potential threats and explore opportunities that lie ahead.
Read more
ISF Resources to Establish Confidence In Your Cyber Resilience
Demonstrate that the appropriate measures are being implemented to embed cyber resilience best practice with key ISF resources.
Resource Hub
Securing Your Supply Chain
Discover how the ISF equips you to respond to supplier risk challenges presented by today’s threat landscape.
Read more
Threat Intelligence:
React and prepare
Get to the core of what threat intelligence is and demonstrate the value it can provide if effectively managed.
Read more
ICS Insights:
Organic convergence
Has your organisation considered the complexity of environments within its ICS security controls?
Read more
Threat Horizon 2024: The disintegration of trust
Should organisations attempt to rebuild trust, or accept that it has disintegrated and adapt accordingly?
Read more
Cybersecurity Solutions for a Riskier World
A ThoughtLab study providing evidence-based insights into the most effective cybersecurity practices and investments.
Read more
Information Security in Mergers and Acquisitions
This excerpt from the full ISF briefing paper introduces a typical four-step process and helps promote the value of security in M&A activity.
Read more

Rehearsing Your Cyber Incident Response Capability
Six Proactive Steps Towards Stabilisation
Read more
Securing the Supply Chain During Periods of Instability
As global pressure on supply chains increase significantly, explore five proactive and actionable steps towards stabilisation.
Read more
Managing Cyber Threats During Periods of Instability
Seven Proactive Steps Towards Stabilisation
Read more
Threat Horizon 2022: Digital and physical worlds collide
Threat Horizon 2022 presents nine potential threats across three themes driven by global events and major developments.
Read more
Demystifying Zero Trust
Zero trust continues to cause confusion across industries. Many vendors sell it as an off-the-shelf solution, but in reality, its successful implementation requires organisations to embark on a larger change programme.
Read more
Review and Gap Analysis of Cybersecurity Legislation and Cybercriminality Policies in Eight Countries
The ISF, in conjunction with CC-DRIVER, have released a report detailing new methods to prevent, investigate and mitigate cybercrime.
Read more
Legal and Regulatory Implications for Information Security: People's Republic of China
Read the latest ISF research on how the Personal Information Protection Law (PIPL) will affect organisations how CII operators must follow and report on data protection and security procedures.
Read more
Understanding the ransomware menace
The average cost to recover from a ransomware attack is $1.85 million. No sector is…
Download Now
Cyber Insurance: Is it worth the risk?
The cyber insurance market has sustainably grown in its relatively short history, but also displayed a volatility.
Read more
Securing Containers: Keeping pace with change
Organisational use of Containers has been increasing rapidly, rising from 23% to 92% in a 4-year period.
Read more
Security Architecture: Navigating complexity
Establish common architectural concepts, avoid common pitfalls, and integrate architecture into your information security function.
Read more
Preparing for the General Data Protection Regulation
The European Union’s General Data Protection Regulation (the GDPR) brings data protection legislation into line…
Read more
Extinction Level Attacks: A survival guide
A detailed, pragmatic approach that aids organisations in being better prepared and ultimately surviving an extinction-level attack
Resource Hub
Threat Horizon 2023: Security at a tipping point
Aimed at CISOs, senior leaders and risk executives, the Threat Horizon 2023 identifies nine future threats to information security grouped within three key theme
Download now
Human-Centred Security: Positively influencing security behaviour
Understand the key factors that influence behaviour, and learn how to deliver impactful security education, training and awareness.
Read more
Remote Working and Cyber Risk
As businesses emerge into the new world, beyond their response to the pandemic, we’re likely…
Read more
How the ISF Supports You in Securing European Railway Infrastructure
The ISF is committed to continually support businesses to stay cyber resilient and the railway sector is no exception. From our human-centred security research series, to our supply chain suite, we have something to support your needs as an organisation.
Read more
Continuous Supply Chain Assurance: Monitoring supplier security
Suppliers help to keep operations moving for all organisations, but this also brings information risk that you must keep a watchful eye on.
Read more
Becoming a next-generation CISO
As organisations undergo digital transformation to make themselves more responsive, CISOs are coming under pressure to help these far-reaching changes succeed.
Read more
ISF CISO Briefing: Adapting to a New World
As countries implement exit strategies from lockdown, the fallout from COVID-19 has presented a complex set of interrelated factors, causing a ripple effect that impacts the global economy, every geographic region, and all industry sectors.
Read more
Securing the Supply Chain: Preventing your suppliers’ vulnerabilities from becoming your own
Sharing information with suppliers is essential for the supply chain to function. However information compromised…
Read more
Securing the IoT: Taming the Connected World
The Internet of Things (IoT) has exploded into the connected world and promises much: from…
Read more
Using Cloud Services Securely: Harnessing Core Controls
Cloud computing has evolved at an incredible speed and, in many organisations, has become entwined with the complex technological landscape that supports critical daily operations.
Read more
Demystifying Artificial Intelligence in Information Security
Whilst AI poses new information risks, it can also be used for good and should become a key part of every organisation’s defensive arsenal.
Read more
Human-Centred Security: Addressing psychological vulnerabilities
Human-centred security starts with understanding humans and their interaction with technologies, controls and data.
Read more
Securing Mobile Apps: Embracing mobile, balancing control
The availability of mobile apps and mobile devices presents organisation with a conundrum. On the…
Read more
Industrial Control Systems: Securing the systems that control physical environments
With so many global organisations heavily reliant on Industrial Control Systems (ICS) to support business operations, senior business managers and boards are now encountering growing pressure to improve and maintain the security of their organisations ICS Environments.
Read more
Delivering an Effective Cyber Security Exercise
Performing cyber security exercises can help organisations improve their ability to detect, investigate and respond to cyber attacks in a timely and effective manner.
Read more
Threat Horizon 2021: The digital illusion shatters – Full report now available to download
The world is now heavily digitised. Technology enables innovative digital business models and society is…
Read more
Building A Successful SOC: Detect Earlier, Respond Faster
Building a successful Security Operations Centre (SOC) can greatly enhance the ability to detect and disrupt cyber attacks, protecting the business from harm.
Read more
Protecting the Crown Jewels: How to Secure Mission-Critical Assets
Mission-critical information assets – an organisation’s “crown jewels” – are information assets of greatest value and would cause major business impact if compromised.
Read more
Blockchain and Security: Safety in Numbers
Understanding the potential security risks related to blockchain and how they can be addressed, is vital for any organisation planning to use it as the basis for developing applications.
Read more
Engaged Reporting: Fact and fortitude
Now that cyber security has the attention of the board and information risk is on the agenda, CISOs are being asked increasingly tough questions about security investment and risk.
Read more
Engaging with The Board: Balancing cyber risk and reward
When boards and CISOs engage successfully, organisations are better able to take advantage of the…
Read more
Establishing A Business-Focused Security Assurance Programme: Confidence In Controls
How secure is your organisation’s information? At any given moment, can a security leader look an executive in the eye and tell them how well business processes, projects and supporting assets are protected?
Read more
Building Tomorrow’s Security Workforce
Business and security leaders today must actively work to build and sustain a robust security workforce, as shortfalls in skills and capability to manage risk can manifest as major security incidents that damage organisational performance, reputation and image.
Read more
Data Leakage Prevention (DLP)
The increasing adoption of collaboration platforms, cloud services and social media, which are often accessed using personal devices, has introduced a host of new ways for sensitive data to leak.
Read more
Managing the Insider Threat: Improving Trustworthiness
The insider threat has intensified as people have become increasingly mobile and hyper-connected. Almost every worker has multiple devices that can compromise information instantly and at scale: impact is no longer limited by the amount of paper someone can carry.
Read more
Data Privacy in the Cloud: Enabling business agility by managing risk
With cloud-based systems come inherent challenges. These are further complicated as data subject to privacy regulation inevitably moves into the cloud.
Read more