Cyber Protection Magazine gets a lot of marketing materials described as studies, surveys, and reports. The flow of those documents increases as major trade shows approach. For example, in the two months leading up to the RSA Conference, we received 56 before we stopped counting. More have come in since but it is now a trickle. We read each one. Luckily, our chief editor can read at 6,000 words per minute. He still grits his teeth whenever he reads the email pitch.

That doesn’t mean all turn into content on our pages because, for the most part, the information contained within is not news. Much can be expressed in a few sentences like, “C-level executives are concerned about data breaches” and “Cybercrime to cost more than $9 trillion by 2025.” In the first instance, our response is, “No kidding?” The second instance is just wrong with no evidence to support it. As often as we tell company representatives, they still produce the same banal and inaccurate assumptions.

About half the time, the “study” was not done by the company pitching the document, but by someone else with a specific twist highlighting the pitching company’s capabilities. For example, we recently received a copy of a “report” about the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) Catalog. It is a monstrously large document, remarkably distilled by a private company into a report that, wondrously, pointed to the company’s products as a solution to the problems notated in the report.

Because these documents rarely provide insight but are meant to validate product claims, they are little more than advertising masquerading as information and that puts them in the junk pile. That, however, is not always the case.

Occasionally, we get truly independent research that, for the most part, says nothing new. But buried in the obvious and the inaccurate, is a nugget of truly interesting data. It’s not enough to make an entire story, although it makes for an interesting LinkedIn post. In our review of the bland cornucopia of data received over the past two months, we saw enough nuggets to see a larger story. There is more to come in the next weeks, but we want to start with this interview with Metomic CEO, Rich Vibert. Their recently released survey on CISO opinions in the UK and US had a lot of obvious statements, but we found a couple of nuggets… and what could be an interesting vein for future discussions.