The 2024 Annual Cybersecurity Risk Report

The FAIR Institute Cyber Risk Report is designed to provide reference estimates for the probability, loss, and loss exposure of common cyber events. It summarizes the findings by industry and event themes and details how actionable variables, such as security stance and data retention management, can reduce risk exposure.

This year, we are pleased to present original research from EY on the challenges of implementing a cybersecurity program, a survey that revealed the structural problems that hold back many programs and the attributes of the most effective CISOs – as EY calls them, “Secure Creators.” At the FAIR Institute, we believe that transparency and accountability in cyber risk management are best served through cyber risk quantification (CRQ) – with Factor Analysis of Information Risk (FAIR™), the international standard for CRQ, built on a foundation of carefully curated data. We based our 2024 Cybersecurity Risk Report on FAIR analyses and extensive research by our data science advisors. We invite you to discover the most relevant cyber risk data for your organization and benchmark your performance against peers in your industry and others.