Skip to main content

Cyber Events Database

code on a computer screen

The Cyber Events Database collects publicly available information on cyber events, beginning in 2014 to the present day. It was created to address a lack of consistent, well-structured data necessary for making strategic decisions about how to invest resources to prevent and respond to cyber events.

We are currently transitioning the database onto our main website. Please register for access to the database by hitting the button below. After registering and submitting your response, follow the link displayed to receive a download of the database file. 

Register for Cyber Events Database Download the Cyber Events Database Codebook

The Cyber Events Database has been leveraged by:

Leveraged by these organizations

Cyber Events Data Descriptive Statistics, 2014-2023

All graphs below come from 13,327 cyber events recorded between 2014-2023. Our full dataset, which we update on a monthly basis, currently provides records of cyber events from 2014 - June 2024.

  • Exploitative attacks (or those looking to steal information ) remain the most common though disruptive attacks (aimed at interfering with a target's operations) saw a significant spike in 2022 following Russia's invasion of Ukraine before settling back to historical levels in 2023. 
  • Mixed effect events are also gradually increasing as more criminal actors use techniques such as double extortion, which involves data exfiltration (exploitative) and encryption (disruptive).
Cyber Events by Effect Type 2014-2023
 
slide 1 of 6

The increasing scale and impacts of cyber events remain an enduring concern, yet information covering the range of threat actors, motive, industry, or classified impact are scarce, fractured, or are only available through private organizations at a significant cost. 

As the private and public sectors grapple with the multi-faceted problem of cyber security, they lack basic tools needed to make strategic decisions about prevention and response. Software solutions, organizational resilience, employee education, and improved system controls are among the many available options to enhance cybersecurity. Yet, it is difficult to make strategic decisions about how to invest scarce resources without an understanding of what types of cyber threats are most common in a specific industry or critical infrastructure sector and what their effects might be. 

There exists a number of smaller niche repositories, news sites, and blogs that catalog cyber events, yet the data is often not well structured or consistently coded. To address this gap, CISSM and GoTech have launched the Cyber Events Database project with information on cyber attacks from 2014 to the present. The Cyber Events Database allows users to distill analytical insights on cyber threats to specific industries and regions, trends over time, and the behavior of different threat actors.

The dataset contains structured information across several categories and is now available to researchers and industry partners. The Cyber Events Database utilizes automated techniques paired with manual review and classification by researchers to acquire and structure data from a variety of open news sites, blogs, and other specialty sites that identify and discuss publicly attributed attacks.  The data is updated monthly and yields information about the threat actor, motive, victim, industry, and end effects of the attack.

CISSM and GoTech have made descriptive information freely available to the public. Researchers or public officials interested in the detailed records or access to the dataset in its entirety should contact Dr. Charles Harry at charry@umd.edu

Researchers who plan on using the data for publication should cite the following: Harry, C., & Gallagher, N. (2018). Classifying Cyber Events. Journal of Information Warfare, 17(3), 17-31.

For more information about the Cyber Events Database, please contact Dr. Charles Harry at charry@umd.edu