Key statistics and trends.
Adults' Media Use and Attitudes Report 2014
Report from OFCOM, the UK communications sector's regulator and competition authority
Annual Security Report 2013
Overview of information security intelligence from Cisco.
Application Security Trends Report
Cenzic's overview of the web application security market, key findings, top 10 vulnerabilities, and breakdowns of web application vulnerabilities.
Application Usage & Threat Report
Enterprise application usage and threat activity from Palo Alto Networks.
The Cost of Cyber Crime
Estimate of the cost of cyber crime to the UK economy, produced by Detica in partnership with the Office of Cyber Security and Information Assurance in the Cabinet Office.
Cyber Vulnerability Index 2012
An assessment of information leakage from the Forbes 2000 list of companies.
Data Breach Investigations Report 2014
Security breach information and analysis from Verizon.
Financial Services Global Security Study 2013
Drivers, issues and trends from a survey of the world's financial industry by Deloitte.
Fraud Index 2014Q1
Analysis of online payment scans by country, IP address, card type, etc by 2Checkout.
Global Security Report 2014
Detailed analysis of actual incident investigations and penetration tests, and global trends from Trustwave.
Global Phishing Survey: Domain Name Use and Trends, 2H2013
Comprehensive analysis of phishing from the Anti-Phishing Working Group (APWG). See also Phishing Attack Trends Report, below.
Global State of Information Security Survey 2014
Results from a survey conducted by PricewaterhouseCoopers.
The Internet in Britain 2009
Internet usage and demographics from the Oxford Internet Institute. See also OFCOM report above.
Information Security Breaches Survey 2013
Business information security survey, including controls, incidents and exposures. Produced for the UK government's Department for Business, Innovation and Skills (BIS) by PricewaterhouseCoopers.
Internet Security Threat Report Volume 19, 2014
Symantec's analysis of internet attacks, vulnerabilities, malicious code, phishing, spam and security risks.
Information on the changing threat landscape from Mandiant.
Mobile Threat Report Q1 2014
Summary of mobile application threat data from F-Secure.
Payment Card Industry Compliance Report 2014
Payment card data threats, PCI DSS compliance, validation and information from QSA assessments and forensic investigations of breaches from Verizon.
Payment Card Industry Data Security Standards Trends Study 2011
Survey of IT and IT security practitioners in the US of their views about the Payment Card Industry Data Security Standard (PCI DSS) by the Ponemon Institute and Imperva.
Phishing Attack Trends Report, Q4 2013
Phishing statistics, trends and analysis from the Anti-Phishing Working Group (APWG) and its members. See also Global Phishing Survey: Trends and Domain Name Use, above.
Security Spending Benchmarks, Q2 2009
Benchmarking to justifying overall web application security spending from OWASP. This quarter's report has a special focus on cloud computing.
Security Threat Report 2014
Current and predicted cybercrime trends including some useful statistics on web site/server threats from Sophos.
State of the Internet, Q4 2013
Data on attack traffic, average & maximum connection speeds, Internet penetration and broadband adoption, and mobile usage from Akamai.
State of Software Security Report - The Intractable Problem of Insecure Software, Volume 5, April 2013
Security intelligence derived from multiple testing methodologies on the full spectrum of application types and programming languages across the software supply chain.
Threat Report 2014
An analysis of web and email threats seen in the year by Websense Security Labs.
Trend and Risk Report Mid-Year 2012 & Threat Insight Report Q1 2011
Analysis of threat trends from IBM X-Force.
UK Cyber Vulnerability Index 2013
Short research report about profiling FTSE350 companies via their online presences.
Web Application Security Statistics Project 2007
Compilation of web application security assessment project testing data to identify the prevalence and probability of different vulnerability classes and to compare automated and manual testing methodologies.
Web Hacking Incidents Database Report 2010
The Web Application Security Consortium's list of web application security incidents. Now reported in Trustwave's Global Security Report (above).
Website Security Statistics Report 13th Edition
This report from WhiteHat Security Inc provides a comparison of website vulnerabilities by industry sector and size of organisation.
Training and awareness
See also security organisations.
Definition of fraud, how to protect yourself and fraud reporting from the National Fraud Authority.
Bank Safe Online
The UK banking industry's initiative to help online banking users stay safe. Good description of the types of scams, how to identify scams and how website users can help to protect themselves. Also facility to report a scam or request advice.
Guidance, advice and tips for retailers and card holders on the types of debit and credit card fraud. Some information from the police and Home Office.
Online safety guidance from UK government for small businesses and homes, including simple "health check" forms.
Digital Parenting checklists
Aged-based checklists from Vodafone.
Awareness and understanding about digital citizenship for educators, parents, carers and young people, from Childnet International.
Practical advice for consumers in the UK who are victims of e-incidents such as e-crime.
Get Safe Online
Advice to UK consumers and small businesses on protecting their computer, their own and their family's privacy and computer systems when online. The excellent 10-minute guide for internet beginners should be read by all internet users.
Home Office's guide to identity theft. Information on how to protect yourself and what to do if you think you are a victim.
US federal/industry site with advice for adults and children on using the internet safely - "stop, think, click".
Stay Safe Online
International (US) website like the UK Get Safe Online from the National Cyber Security Alliance (NCSA). Content quite North American orientated, but useful as a comparison.
Think U Know
Internet help and advice for young people, parents and teachers including ability to report abuse from the UK's Child Exploitation and Online Protection Centre (CEOP).
Promoting safe and positive use of the internet by children. Includes resources for parents, communities, educators and businesses.
Website white papers, research and other documents.
Automatic Security Scanning vs. OWASP Top Ten
Discussion of how automated scanning products can tackle common website vulnerabilities.
Cloud Computing Benefits, Risks and Recommendations
ENISA's excellent analysis of cloud computing for SMEs.
The Cyber-Crime Market Uncovered
Definition of the black market, how it works and the sales process.
OWASP Top Ten
The most critical web application security flaws, published as one of the Open Web Application Security Project (OWASP) projects.
The Psychology of Security
An essay on the difference between what we perceive as security and the reality.
7th February 2007
SANS Top-20 Internet Security Attack Targets
Detailed information and references on the most common attack targets.
Security Guidance for Critical Areas of Focus in Cloud Computing
Security recommendations from the CSA
v2.1, December 2009
Security Economics and the Internal Market
Identification, assessment and analysis of the economic barriers to an e-communication internal market for ENISA.
29th January 2008
Security and the Software Development Lifecycle: Secure at the Source
Description of the stretegic approach of building security in to the software development lifecycle, with an analysis of the return on investment (ROI).
State of Application Security: Immature Practices Fuel Inefficiencies, but Positive ROI Is Attainable
Results from a survey of North American companies that develop software, examining their security practices in the software development lifecycle.
19th January 2011
Magazines and journals
Security related printed publications.
Card Technology Today
Smart card technologies, applications, manufacturers, legislation and industry initiatives.
Computer Fraud & Security
Monthly threat reports, news and technical features.
Financial Sector Technology (FST)
Business IT issues for the financial services sector, including regular items on compliance and risk.
Print and digital editions with security news, features and comment.
Security news and product information with UK, US, Asia-Pacific and Australia-New Zealand editions, from Haymarket Publishing.
Other web application security resources
Web application security
standards and codes of practice
Contact Watson Hall
Watson Hall works with your business and information systems staff, partners and suppliers, including professional advisors such as accountants, auditors, insurers and solicitors. We guide, assist and build security and skills in organisations to reduce security and compliance risk.