In 2017, Adam Shostack led a group who wrote a paper called "That Was Close! Reward Reporting of Cybersecurity 'Near Misses'".
The paper takes a look at how the advancement of technology has brought both considerable benefits to consumers and vulnerabilities. 2017 alone was a tough year for cybersecurity, with several large organizations the targets of worms and malware that led to, in some instances, data breaches and loss of confidential information. By looking at these instances, it's clear that there isn’t a mechanism to help understand these threats or their common aspects.
While information regarding the significant breaches can be released to the public after the fact, what's lacking is a data set that can be analyzed to provide substantial leads. The collection of such data is not easy, given that many firms are concerned about liability, and there also exists some confusion over the definitions of incident, hack and breach. What Adam Shostack and his team propose is to stay away from the scientific debate and instead study the "near misses" to gain clues on the trends in attacks.