Why & how: the problem with strategic cybersecurity research

Introducing the rationale behind the CRD and outlining the approach taken to address the challenges faced by cybersecurity leaders.


This post introduces the rationale behind evisec's Cybersecurity Research Digest (CRD) and outlines the approach taken to address the challenges faced by cybersecurity leaders.

I’ll start by discussing the underlying problems with the distorted knowledge environment that cybersecurity leaders face. Then, I’ll explain how the service ensures that high-quality, objective, and evidence-led insights are delivered through a careful process of research monitoring and validation.

The why: a noisy, vendor-dominated, distorted knowledge space

CISOs, product owners, entrepreneurs, VCs, policymakers and other cybersecurity leaders need to make and communicate data-driven strategic decisions, but they face a noisy, unreliable, and often biased information environment. In cybersecurity research, this is due to several key factors.

First and foremost, the cybersecurity research discourse aimed at leaders is dominated by vendor-produced content. Our analysis shows that over 400 publications by cybersecurity vendors are released annually. Each promises relevant insights for cybersecurity leaders, based on unique data they’ve either gathered externally (often via surveys) or have access to internally (often through telemetry from their products). Unfortunately, the quality and relevance of this content can vary significantly.

On one hand, some vendors produce or sponsor well-designed research that is grounded in useful data and provides objective, trustworthy insights. This type of content typically comes from larger vendors that offer a broad range of products and services, making them less reliant on targeting niche security areas.

However, much of the content is influenced by commercial interests. This leads to research that is framed or packaged as neutral but is ultimately designed to drive sales of products or services. Additionally, over half of this content is gated: access requires handing over personal information, which leads to a flood of marketing emails.

While many cybersecurity news outlets do a good job of monitoring the research space, commercial interests still often dictate the content. This can result in sensationalist or fear-driven coverage designed to attract clicks, or in content that highlights selected sources in line with vendor sponsorships.

It’s important to note that vendors are not the only entities producing data-led research. Public stakeholders such as ENISA, NCSC, and CISA, along with research organizations, also regularly publish valuable and evidence-based insights. However, a fundamental problem remains: the sheer volume of information makes it difficult for any individual to process, verify, and identify what is trustworthy, novel, or relevant.

The how: monitoring, verifying, and curating data-led insights

To address these issues, the Cybersecurity Research Digest applies a unique and structured process to deliver trusted, data-driven insights to cybersecurity leaders.

First, all publicly available research sources relevant to strategic decision-making, from security vendors and insurance providers to research organizations and public agencies, are continuously monitored to capture insightful content.

Each source is then verified for trustworthiness and objectivity by analyzing possible biases and research methodologies, and by checking whether key results can be cross-verified with reputable sources. This ensures that the selected insights are both reliable and unbiased.

Finally, an organized list of all published research resources is provided, along with a short, weekly digest. This digest highlights the most relevant and impactful insights from the sources identified as objective and trustworthy.

Subscribe for free updates and share your feedback

With so many resources available to cybersecurity leaders, the goal is not to contribute to information overload but to cut through the noise by delivering only the most valuable insights.

Feedback is thus highly valuable in ensuring the service remains as useful as possible.

👇 Join for free, and share your feedback (in the comment section or via henry@evisec.xyz) to help refine the Cybersecurity Research Digest.