Skip to content
Sign Up for Our Newsletter
About
Close About
Open About
About the Institute for Security and Technology
Our Team
Board Of Directors
Careers
Contact Us
Featured Events
Cyber Policy Awards
Critical Effect DC
Projects
Close Projects
Open Projects
AI and NC3
Pioneering action-oriented efforts to explore how advanced AI capabilities will be integrated into nuclear command, control, and communications
AI Antitrust and National Security
Exploring how to more effectively account for national security considerations in AI antitrust cases while respecting precedent, scope, and the core principles of antitrust law
AI Risk Reduction Initiative
Assessing the emerging risks and opportunities of AI foundation models and developing risk reduction strategies
AI Chip Export Control Initiative
Safeguarding U.S. national competitiveness by closing critical compliance and enforcement gaps
AI Risk Barometer
Measuring national security professionals’ perceptions of AI futures through a technically-informed survey
CATALINK
Preventing the onset or escalation of conflict by building a resilient global communications system
Energy FIRST
Powering U.S. and allied security & prosperity through a resilient energy future
Ransomware Task Force (RTF)
Combating the ransomware threat with a cross-sector approach
Religious Voices and Responsible AI
Engaging religious communities on safe and beneficial AI
SL5 Task Force
Strengthening AI security through a multistakeholder approach
UnDisruptable27
Driving more resilient lifeline critical infrastructure for our communities
All Projects
» Explore all of IST's projects, past and current
Focus Areas
Future of Digital Security
Geopolitics of Technology
Innovation and Catastrophic Risk
Events
Insights
Contact
Search
Donate
Archive
incident reporting
Blog
IST Submits Comments to the EU Cybersecurity Act Review Consultation
In April, the European Commission opened a public consultation process for feedback on the European Union Agency for Cybersecurity (ENISA) and the implementation of the Cybersecurity Act. Drawing on engagements with a broad range of stakeholders as part of our Future of Digital Security portfolio, IST’s comments focus on harmonizing legislation and streamlining incident reporting requirements.
cyber incident harmonization
,
cybersecurity
,
European Union
,
incident reporting
,
IT
,
legislation
,
NIS-2
,
OT
,
secure-by-design
June 24, 2025
Event
March 26, 2025 9:00 am
Exploring the UK’s Ransomware Legislative Proposals
On March 26, IST and the Ransomware Task Force hosted an in-depth discussion on the UK’s government recent open consultation on ransomware.
critical infrastructure
,
incident reporting
,
ransom payments
,
Ransomware
March 26, 2025
Blog
Institute for Security and Technology and Cyber Threat Alliance Submit Comments on Cyber Incident Reporting for Critical Infrastructure Act
IST and the Cyber Threat Alliance, along with co-signer Chainalysis, submitted comments on July 3, 2024 in response to the Cybersecurity and Infrastructure Security Agency’s Notice of Proposed Rulemaking on the Cyber Incident Reporting for Critical Infrastructure Act.
CIRCIA
,
critical infrastructure
,
cybersecurity
,
incident reporting
,
Ransomware
,
RFI
July 3, 2024
Progress Report
,
Report
Ransomware Task Force: Doubling Down
While the U.S. government and its partners made great strides in combating ransomware in 2023, attacks have only increased. Of the 48 recommendations made in the original RTF Report, our assessment remains unchanged from a year ago: only 24 have seen significant progress.
cybersecurity
,
incident reporting
,
ransom payments
,
Ransomware
April 24, 2024
Event
February 15, 2024 11:00 am
Unpacking a Potential Ban on Ransom Payments: Implications, Alternatives, and What’s Next
Ransomware continues to threaten organizations, governments, schools, and even lives. Ransomware actors are primarily profit-motivated. Would a ban meaningfully decrease payments, and if so, would criminals shift away from this tactic? On February 15, IST hosted a webinar to assess the ecosystem’s level of preparedness for a ban, unpack the implications of a ban across industries, and discuss what comes next.
incident reporting
,
ransom payments
,
Ransomware
,
resilience
February 15, 2024
Progress Report
May 2023 Progress Report: Ransomware Task Force: Gaining Ground
As of May 2023, 92% of the 48 RTF recommendations have seen some action, with 50% experiencing significant progress, including through legislation and policy adoption.This report walks readers through the RTF’s second year, acknowledging tremendous shifts in the ecosystem, especially in light of the war in Ukraine, and highlights key areas of progress.
disruption
,
incident reporting
,
progress report
,
ransom payments
,
Ransomware
May 5, 2023
Blog
Commitment to Cybersecurity at a Global Scale: IST at the Cybersecurity Leadership Program in Costa Rica
IST's Zoë Brammer and Elizabeth Vish headed to Costa Rica last week to present at the Cybersecurity Leadership Program. In their conversations with Latin American government officials and private sector representatives, they were struck by a shared sense of urgency to address ransomware.
Blueprint for Ransomware Defense
,
Costa Rica
,
cybersecurity
,
incident reporting
,
Ransomware
March 20, 2023
Report
Cyber Incident Reporting Framework: Global Edition
Multiple industry groups, led by the Cyber Threat Alliance and IST, have come together to identify a set of principles and develop a model reporting format that governments worldwide could use. The Cyber Incident Reporting Framework: Global Edition answers questions about what conditions should be in place to make a reporting mandate effective and harmonizes suggested definitions with existing global regulations.
CIRCIA
,
CISA
,
cybersecurity
,
incident reporting
March 9, 2023
Blog
Eighteen Months On: Continued Progress on Ransomware Task Force Recommendations
In the 6 months since the publication of the Ransomware Task Force (RTF) Progress Report this May, we have seen a great deal of action to combat ransomware, but we have also seen the scale of the threat continue to grow, even as stakeholders continue to focus on it.
deter
,
disrupt
,
incident reporting
,
prepare
,
progress report
,
Ransomware
,
respond
December 5, 2022
Report
Cyber Incident Reporting Framework
The Framework lays out a set of model reporting formats the Cybersecurity and Infrastructure Security Agency (CISA) could use as the foundation for the cyber incident reporting.
CIRCIA
,
cyber
,
cybersecurity
,
incident reporting
,
Ransomware
November 3, 2022
Op-ed
Cyber incident reporting isn’t the problem — ignorance is
In an op-ed for The Hill, IST's Chief Strategy Officer Megan Stifel and Cyber Threat Alliance's President & CEO Michael Daniel make the case for reporting cyber incidents.
CIRCIA
,
CISA
,
incident reporting
,
Ransomware
November 2, 2022
Blog
RTF Year Two: New Map; New Data: Same Mission
We estimate that in 2021 there were well over 4,000 documented ransomware incidents involving at least 60 ransomware "families," impacting organizations in 109 countries.
cyber attacks
,
incident map
,
incident reporting
,
Ransomware
July 13, 2022
Search
Search
