Skip to content

Methodology

Data collection and processing

We gather, process, and analyse data from public reports of cyber incidents through a combination of data science tools and expert knowledge. Our data pipeline enables us to track and report changing trends in the global, and particularly European, cyber threat environment.

Articles scanned everyday
> 0
Sources
0
Variables coded
0

Our data pipeline:

The scientific coding of cyber incidents is an ongoing, iterative process. It necessitates continuous refinement and recalibration – for instance, adjusting intensity scores and attribution evidence. As fresh data is obtained, it is continuously incorporated into our existing dataset, which subsequently updates our interactive dashboard. In addition, we have strict coding procedures that mandate frequent assessment by both internal (secondary) and external reviewers.

Standardised and interdisciplinary coding

Using a standardised codebook, our team of experts in IT forensics, political science and international law assesses data on cyber incidents worldwide against a set of 60 criteria. For each incident, the following categories of information are recorded:

Download full codebook

Scope

Cyber incidents that fit the following criteria are included in our database:

  • Cyber incidents in violation of the "CIA-triad of information security"

    As a first technical requirement, a cyber incident must have violated the “CIA-triad of information security” to be relevant to our repository.

  • Cyber incidents that have been publicly reported

    Second, our data covers only cyber incidents that are publicly reported, thus leaving out a potentially great number of unreported cases due to non-detection or nondisclosure.

  • Cyber incidents with a political dimension

    Third, only cyber incidents that have a political dimension are included. This means cyber incidents that a) have affected political or state actors/institutions, b) have been associated with state-actors as the actual “masterminds” or exhibit a political motivation, or c) have been “publicly politicized, regardless of the affected target” (Steiger et al. 2018).

  • Cyber incidents against critical infrastructure

    Finally, since February 2023, we also cover all cyber incidents against critical infrastructure entities, regardless of the attributed initiator, due to their increased threat situation.

This means that some cyber incidents are consciously cut out (e.g., many criminally motivated ransomware attacks against commercial entities) when they concern specific stakeholders but are not addressed particularly by political actors.

Cyber intensity indicator

Our Cyber intensity indicator measures the severity of a cyber incident. This is achieved by evaluating the duration of the incident itself and of its effects, as well as the criticality of targets. See our calculation method below:

Sources

Source nameURL
ABC Newshttps://www.abcnews.go.com
Al Jazeerahttps://www.aljazeera.com
APhttps://hosted.ap.org
AP Newshttps://www.apnews.com
Arab Newshttps://www.arabnews.com/tags/cybersecurity
ArsTechnicahttps://arstechnica.com/
Avast Threat Labshttps://decoded.avast.io/feed/
BBChttps://www.bbc.com
BlackBerryhttps://blogs.blackberry.com/
Bleeping Computerhttps://www.bleepingcomputer.com/feed/
Bloomberghttps://bloomberg.com 
Brisbane Timeshttps://www.brisbanetimes.com.au
Brookingshttps://www.brookings.edu
Business Insider (DE)https://www.businessinsider.de
Business Insider (EN)https://www.businessinsider.com
Buzzfeedhttps://www.buzzfeednews.com
C4ISRhttps://www.c4isrnet.com/
Canberra Timeshttps://www.canberratimes.com.au/
CBC Canadahttps://www.cbc.ca/
CBS Newshttps://www.cbsnews.com
Channel News Asiahttps://www.channelnewsasia.com/
Channel News Asia [Cyber Security]https://www.channelnewsasia.com/topic/cybersecurity
CISA ICS Alertshttps://www.cisa.gov/
Ciscohttps://blogs.cisco.com/
CNBChttps://www.cnbc.com
CNEThttps://www.cnet.com/topics/security/
CNNhttps://www.cnn.com
CNN Editionhttps://edition.cnn.com
CNN Moneyhttps://money.cnn.com
Computer Worldhttps://www.computerworld.com/
Corriere della Sera [Politics]https://www.corriere.it/politica/
Corriere della Serrahttps://www.corriere.it/esteri/
Cybereasonhttps://www.cybereason.com/blog/rss.xml
CyberGeekshttps://cybergeeks.tech/feed/
CyberScoophttps://www.cyberscoop.com/feed/
CybersecAsiahttps://www.cybersecasia.net/news/feed/
Daily Record EUhttps://eu.dailyrecord.com
Dark Readinghttps://www.darkreading.com/rss.xml
DataBreacheshttps://www.databreaches.net/feed/
Defense Onehttps://www.defenseone.com/rss/all/
Der Standard [Inland]https://www.derstandard.at/inland 
Der Standard [International]https://www.derstandard.at/international
Die Welt [Cyber]https://www.welt.de/themen/cyberwars/
Die Welt [Politik]https://www.welt.de/politik/
DPA Internationalhttps://dpa-international.com
Dragoshttps://www.dragos.com/resources/?_block_resources_resource_type_filter=post
Economic Times India CIOhttps://cio.economictimes.indiatimes.com/tag/cybersecurity/news
Economic Times India Telecomhttps://telecom.economictimes.indiatimes.com/tag/cyber+security/news
Economisthttps://www.economist.com
Eesti Päevalehthttps://epl.delfi.ee/kategooria/67583608/uudised 
EFF Deeplinkshttps://www.eff.org/rss/updates.xml
El Mundo [Espana]https://www.elmundo.es/espana.html
El Mundo [International]https://www.elmundo.es/internacional.html
El Mundo [Tech]https://www.elmundo.es/tecnologia.html
El Paishttps://english.elpais.com/international/ 
El Pais - Economyhttps://english.elpais.com/economy-and-business
El Pais - Internationalhttps://english.elpais.com/international
El Pais - Science & Techhttps://english.elpais.com/science-tech
El Pais - Spainhttps://english.elpais.com/spain
El Pais [Cybersecurity]https://elpais.com/tecnologia/
El Pais [Espana]https://elpais.com/espana/
El Pais [International news]https://elpais.com/internacional/
Euractivhttps://www.euractiv.com/
Euractiv (news)https://www.euractiv.com/news/
Euro Newshttps://www.euronews.com/
Euro topicshttps://www.eurotopics.net/en/3/debates
F5 Labs Threatshttps://www.f5.com/labs/rss-feeds/threats.xml
Financial Timeshttps://www.ft.com
Forbeshttps://www.forbes.com
Fortiguardhttps://www.fortiguard.com/resources/threat-brief
Fortunehttps://fortune.com/
Fox Businesshttps://www.foxbusiness.com
Fox Newshttps://www.foxnews.com
FoxIThttps://blog.fox-it.com/
Frankfurter Allgemeine Zeitung [IT-Sicherheit]https://www.faz.net/aktuell/technik-motor/thema/it-sicherheit
Frankfurter Allgemeine Zeitung [Politik]https://www.faz.net/aktuell/politik/ 
Gazeta Wyborczahttps://wyborcza.pl/0,173236.html#TRNavSST 
Gazeta Wyborcza [National]https://wyborcza.pl/0,75398.html
Gazeta Wyborcza [Technology]https://wyborcza.pl/AkcjeSpecjalne/0,183960.html
Gdatahttps://www.gdata.de/blog
Golemhttps://www.golem.de/specials/security/
Google Threat Analysis Grouphttps://blog.google/threat-analysis-group/rss/
GovInfo Securityhttps://www.govinfosecurity.com/rss-feeds
Group-IBhttps://blog.group-ib.com/
Haaretz Israel Newshttps://www.haaretz.com/israel-news
Haaretz Middle East Newshttps://www.haaretz.com/middle-east-news
Haaretz Tech Newshttps://www.haaretz.com/israel-news/tech-news
Hackreadhttps://www.hackread.com/
Heisehttps://www.heise.de/
Huffington Posthttps://www.huffingtonpost.com
Huffington Post Feedshttps://feeds.huffingtonpost.com
Human Rights Watchhttps://www.hrw.org/publications
Independenthttps://www.independent.co.uk
Indian Expresshttps://indianexpress.com/about/cyber-security/ 
Insight Crimehttps://insightcrime.org/news/ 
International Business Timeshttps://www.ibtimes.com
International Business Times Businesshttps://www.ibtimes.com/business  
International Business Times Worldhttps://www.ibtimes.com/world
Intrusion Truthhttps://intrusiontruth.wordpress.com/
IronNethttps://www.ironnet.com/blog/tag/threat-research
Japan Timeshttps://www.japantimes.co.jp
Jerusalem Posthttps://rss.jpost.com/rss/rssfeedsinternational
Jerusalem Post Israel Newshttps://www.jpost.com/israel-news
Jerusalem Post Middle Easthttps://www.jpost.com/middle-east
Just Security [Cyber]https://www.justsecurity.org/tag/cyber/
Jylands Posten [International]https://jyllands-posten.dk/international/
Jylands Posten [Politik]https://jyllands-posten.dk/politik/
Kleine Zeitung [International]https://www.kleinezeitung.at/international
Kleine Zeitung [Politik]https://www.kleinezeitung.at/politik/index.do 
Kleine Zeitung [Wirtschaft]https://www.kleinezeitung.at/wirtschaft
Krebs on Securityhttps://krebsonsecurity.com/feed/
La Repubblicahttps://www.repubblica.it/tecnologia/?ref=RHHD-T
La Stampa [Esteri]https://www.lastampa.it/esteri/
La Stampa [Politica]https://www.lastampa.it/politica/
LA Timeshttps://www.latimes.com
La Vanguardia [Internacional]https://www.lavanguardia.com/internacional/
La Vanguardia [Politica]https://www.lavanguardia.com/politica/
La Vanguardia [Tecnologia]https://www.lavanguardia.com/tecnologia/
Lawfare Blog (Cybersecurity)https://www.lawfareblog.com/topic/cybersecurity
Le Figaro [Bourse]https://bourse.lefigaro.fr/
Le Figaro [International]https://www.lefigaro.fr/international 
Le Figaro [Main]https://www.lefigaro.fr/
Le Monde [Cybercrime]https://www.lemonde.fr/cybercriminalite/
Le Monde [Security]https://www.lemonde.fr/securite-informatique/ 
Les Echos [Monde]https://www.lesechos.fr/monde/
Les Echos [Tech]https://www.lesechos.fr/tech-medias/
LookingGlasshttps://lookingglasscyber.com/blog/
Malwarebytes Labshttps://blog.malwarebytes.com/feed/
Mandiant Resources Bloghttps://www.mandiant.com/resources/blog
Microsoft On the Issueshttps://blogs.microsoft.com/on-the-issues/category/cybersecurity/feed/
Microsoft Securityhttps://www.microsoft.com/security/blog/feed/
MIT Technology Reviewhttps://www.technologyreview.com/
Naked Securityhttps://nakedsecurity.sophos.com/feed/
NBC Newshttps://www.nbcnews.com
Netzpolitikhttps://netzpolitik.org/
New York Timeshttps://www.nytimes.com/
New York Times RSShttps://www.nytimes.com/rss
News.comhttps://www.news.com.au/
NPRhttps://www.npr.org
Palo Alto Unit42https://unit42.paloaltonetworks.com/feed/
Politicohttps://www.politico.com
Politico EUhttps://www.politico.eu/
Politico EU (news)https://www.politico.eu/news/
Politiken [Ausland]https://politiken.dk/udland/
Politiken [Inland]https://politiken.dk/indland/ 
Postimeeshttps://news.postimees.ee/#_ga=2.84184540.496198616.1642498310-1308883476.1642498308 
ProofPointhttps://www.proofpoint.com/us/blog/threat-insight?page=3
QuoIntelligencehttps://quointelligence.eu/blog/
ReadMe by Synackhttps://readme.security/
Reaqtahttps://reaqta.com/blog
Recorded Future Insikt Grouphttps://www.recordedfuture.com/
Red Alerthttps://redalert.nshc.net/blog/feed/
Reutershttps://www.reuters.com/subjects/cybersecurity
RFE/RL - Features & Blogshttps://www.rferl.org/api/zmoiiebkii
RFE/RL - Newshttps://www.rferl.org/api/zbqimetkiy
RFE/RL - Ukraine Live Bloghttps://www.rferl.org/api/zqiimqekgimi
RFE/RL - Watchdoghttps://www.rferl.org/api/zroiveukiv
RSFhttps://rsf.org/en
Rzeczpospolita [International]https://www.rp.pl/wydarzenia/swiat
Rzeczpospolita [national]https://www.rp.pl/wydarzenia/kraj
Schneier on Securityhttps://www.schneier.com/feed/
Securelist by Kasperskyhttps://securelist.com/category/incidents/feed/
Security Affairshttps://securityaffairs.co/wordpress/feed/
Security Middle East & Africa https://securitymea.com/category/news/
Security Middle East Magazinehttps://www.securitymiddleeastmag.com/category/cyber-security/feed/
SecurityBrief Asiahttps://securitybrief.asia/ 
SecurityWeekhttps://feeds.feedburner.com/securityweek
Securonixhttps://www.securonix.com/blog/
Securonix Bloghttps://www.securonix.com/blog/
SentinelOne Bloghttps://de.sentinelone.com/blog/
Sky Newshttps://news.sky.com/
SocRadarhttps://socradar.io/blog/ 
Softpedia Newshttps://news.softpedia.com/newsRSS/Security-5.xml
South China Morning Posthttps://www.scmp.com
SPIEGEL Online [Ausland]https://www.spiegel.de/ausland/ 
SPIEGEL Online [Politik Deutschland]https://www.spiegel.de/politik/deutschland/
Sud Deutschehttps://www.sueddeutsche.de/
Sydney Morning Heraldhttps://www.smh.com.au
Symantechttps://symantec-enterprise-blogs.security.com/blogs/threat-intelligence
Tarnkappe.infohttps://tarnkappe.info/
Tech Radarhttps://www.techradar.com/
TechCrunchhttps://techcrunch.com/
Technology Reviewhttps://www.technologyreview.com/
TechRepublichttps://www.techrepublic.com/rssfeeds/topic/security/
Telegraph (feedsportal)https://telegraph.feedsportal.com
The Atlantichttps://www.theatlantic.com/
The Christian Science Monitorhttps://www.csmonitor.com/
The Cipher Briefhttps://www.thecipherbrief.com/
The Citizen Labhttps://citizenlab.ca
The Daily Swighttps://portswigger.net/daily-swig/rss/
The Diplomathttps://thediplomat.com/
The Guardianhttps://www.theguardian.com/uk/technology
The Hacker Newshttps://feeds.feedburner.com/TheHackersNews
The Hillhttps://www.thehill.com
The Intercepthttps://theintercept.com
The Recordhttps://therecord.media/feed
The Start (Malaysia)https://www.thestar.com.my/
The Telegraphhttps://www.telegraph.co.uk/cyber-attacks/
The Times UKhttps://www.thetimes.co.uk/#section-news
The Vergehttps://www.theverge.com
The Washington Posthttps://www.washingtonpost.com/
ThreatConnecthttps://threatconnect.com/blog/?fwp_blog_topic=threat-research
Threatposthttps://threatpost.com/
Timehttps://time.com/
Trend Microhttps://www.trendmicro.com/vinfo/us/security/news/
Twitterhttps://twitter.com
USA Todayhttps://www.usatoday.com/
USA Today (EU)https://eu.usatoday.com/
Voice of America Newshttps://www.voanews.com
Volexityhttps://www.volexity.com/blog/
Volkskranthttps://www.volkskrant.nl
Voxhttps://www.vox.com
Wall Street Journalhttps://www.wsj.com/
War on the Rockshttps://warontherocks.com/feed/
Washington Posthttps://www.washingtonpost.com
Washington Post Feedshttps://feeds.washingtonpost.com
WeLiveSecurityhttps://www.welivesecurity.com/feed/
Wiredhttps://www.wired.com/category/security/feed
ZDnethttps://www.zdnet.com/
ZeeNews Indiahttps://zeenews.india.com/tags/cyber-security.html 
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15

Welcome to our Cyber Incident Dashboard!

For best results, please view on a desktop device.