npx skills add Anshin-Health-Solutions/superpai --skill "annual-reports"
Install specific skill from multi-skill repository
# Description
Annual report aggregation and analysis. Security reports, threat landscape, industry reports.
# SKILL.md
name: annual-reports
description: "Annual report aggregation and analysis. Security reports, threat landscape, industry reports."
triggers:
- annual reports
- security reports
- threat reports
- industry reports
- vendor reports
- threat landscape
Annual Reports Skill
Aggregate, analyze, and cross-reference major annual security and industry reports, extracting key findings, year-over-year trends, and actionable intelligence into a synthesized executive briefing.
Report Source Registry
| Report | Publisher | Typical Publication | URL | Focus Area |
|---|---|---|---|---|
| M-Trends | Mandiant (Google) | April | https://www.mandiant.com/m-trends | Incident response data, dwell time, attack vectors |
| Data Breach Investigations Report (DBIR) | Verizon | May | https://www.verizon.com/business/resources/reports/dbir/ | Breach patterns, actor types, industry breakdowns |
| Global Threat Report | CrowdStrike | February | https://www.crowdstrike.com/global-threat-report/ | Nation-state actors, eCrime, intrusion trends |
| Cost of a Data Breach | IBM / Ponemon | July | https://www.ibm.com/reports/data-breach | Breach costs by industry, geography, detection method |
| Threat Landscape | ENISA | October | https://www.enisa.europa.eu/publications | EU-focused threat taxonomy, top 10 threats |
| Internet Crime Report | FBI IC3 | March | https://www.ic3.gov/AnnualReport | US cybercrime complaints, financial losses, BEC/ransomware stats |
| State of Ransomware | Sophos | April | https://www.sophos.com/en-us/content/state-of-ransomware | Ransomware prevalence, ransom payments, recovery costs |
| Threat Horizons | Google Cloud | Quarterly | https://cloud.google.com/security/threat-horizons | Cloud-specific threats, misconfigurations, credential abuse |
Analysis Framework
Step 1: Identify Available Reports
Check which reports have been published for the current cycle. Reports publish on staggered schedules (see table above). Flag any reports not yet released for the current year.
Step 2: Retrieve and Parse
For each available report, use WebFetch to retrieve the executive summary, key findings section, and statistical highlights. Most reports publish a web summary alongside the full PDF.
Step 3: Extract Key Findings
From each report, extract into structured fields:
- Top threats (ranked list with descriptions)
- Statistical highlights (dwell time, cost figures, percentages)
- Year-over-year changes (what improved, what worsened)
- Industry-specific data (if user has specified their industry)
- Recommended actions (vendor's prescriptive guidance)
Step 4: Cross-Report Synthesis
Compare findings across reports to identify:
- Consensus themes: Threats or trends cited by 3+ reports (high confidence)
- Contradictions: Where reports disagree (note methodology differences)
- Unique insights: Findings only one report covers (source-specific value)
- Threat actor overlap: Track named actors across Mandiant, CrowdStrike, and ENISA naming conventions
Step 5: Year-Over-Year Trend Comparison
Build a trend matrix comparing key metrics across the last 2-3 years:
| Metric | 2024 | 2025 | 2026 | Trend |
|---|---|---|---|---|
| Median dwell time (days) | 10 | 8 | ? | Improving |
| Avg breach cost (USD) | $4.45M | $4.88M | ? | Worsening |
| Ransomware % of incidents | 24% | 28% | ? | Worsening |
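Steps 4 and 5 can be reduced to two small functions once Step 3 has produced structured fields. The sketch below is an added example, not part of the skill itself: the theme tag names and the `FINDINGS`/`METRICS` structures are hypothetical, and the sample values are constructed from the illustrative figures and consensus groupings shown on this page.

```python
from collections import defaultdict

# Constructed sample input: theme tags per report, as Step 3 extraction might
# produce them. Tag names are hypothetical; the groupings mirror the page's
# example consensus findings.
FINDINGS = {
    "Verizon DBIR": {"credential_attacks", "ransomware_growth"},
    "Mandiant M-Trends": {"credential_attacks"},
    "CrowdStrike GTR": {"credential_attacks", "cloud_misconfig"},
    "Sophos State of Ransomware": {"ransomware_growth"},
    "IBM Cost of a Data Breach": {"ransomware_growth"},
    "Google Threat Horizons": {"cloud_misconfig"},
    "ENISA Threat Landscape": {"cloud_misconfig"},
    "FBI IC3": {"bec_losses"},
}

# Trend matrix rows from the page's table: (values by year, lower_is_better).
# None marks a year whose report is not yet published ("?" in the table).
METRICS = {
    "Median dwell time (days)": ([10, 8, None], True),
    "Avg breach cost (USD M)": ([4.45, 4.88, None], True),
    "Ransomware % of incidents": ([24, 28, None], True),
}

def synthesize(findings, consensus_min=3):
    """Step 4: split themes into consensus (3+ reports) and unique (1 report).
    Themes cited by exactly two reports fall into neither bucket."""
    cited_by = defaultdict(set)
    for report, themes in findings.items():
        for theme in themes:
            cited_by[theme].add(report)
    consensus = {t: sorted(r) for t, r in cited_by.items() if len(r) >= consensus_min}
    unique = {t: sorted(r)[0] for t, r in cited_by.items() if len(r) == 1}
    return consensus, unique

def trend(values, lower_is_better):
    """Step 5: label the direction using the two most recent published years."""
    known = [v for v in values if v is not None]
    if len(known) < 2:
        return "Insufficient data"
    delta = known[-1] - known[-2]
    if delta == 0:
        return "Flat"
    return "Improving" if (delta < 0) == lower_is_better else "Worsening"

def trend_matrix(metrics):
    """Apply trend() to every row of the matrix."""
    return {name: trend(vals, lib) for name, (vals, lib) in metrics.items()}
```

Keeping the citing reports alongside each consensus theme preserves the source list the output format asks for in "Consensus Findings (cited by 3+ reports)".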
Output Format
## Annual Security Report Analysis — {year} Cycle
Reports analyzed: {count} of {total_expected} published
Coverage period: {date_range}
### Executive Summary
{3-5 sentence synthesis of the most important cross-report findings}
### Consensus Findings (cited by 3+ reports)
1. {Finding with supporting data from multiple sources}
2. {Finding}
3. {Finding}
### Detailed Findings by Report
| Report | Key Finding | Key Stat | YoY Change | Action Item |
|--------|-------------|----------|------------|-------------|
| Mandiant M-Trends | Dwell time decreased | 8 days median | -2 days | Improve detection tooling |
| Verizon DBIR | Credential theft dominates | 44% of breaches | +3pp | Enforce MFA everywhere |
| CrowdStrike GTR | eCrime actors accelerating | 62 min avg breakout | -17 min | Reduce response time |
| IBM Cost of Breach | AI-assisted detection saves $$ | $1.76M savings | New metric | Invest in AI/ML detection |
### Threat Actor Tracking
| Actor / Group | Cited By | Attribution | Primary Targets | TTPs |
|--------------|----------|-------------|-----------------|------|
| {actor_name} | Mandiant, CrowdStrike | {nation-state} | {sector} | {techniques} |
### Industry-Specific Insights ({user_industry})
- {Insight relevant to the user's declared industry}
- {Recommendation}
### Reports Not Yet Published
- {Report name} — expected {month}, check back then
### Recommended Reading Priority
1. {Most relevant report for user's context} — read the full executive summary
2. {Second most relevant}
3. {Skim for your industry section}
Example Analysis Output
## Annual Security Report Analysis — 2025 Cycle
Reports analyzed: 5 of 8 published
### Executive Summary
Ransomware continues its upward trajectory with a 28% share of all incidents (Verizon DBIR), while median dwell time
dropped to 8 days (Mandiant), suggesting defenders are improving detection but not prevention. The average cost of a
breach rose to $4.88M (IBM), driven primarily by regulatory fines in healthcare and financial services. CrowdStrike
reports eCrime actors achieving breakout in under 62 minutes on average, making automated response essential.
### Consensus Findings
1. Credential-based attacks remain the #1 initial access vector (Verizon, Mandiant, CrowdStrike)
2. Ransomware frequency and cost both increased year-over-year (Verizon, Sophos, IBM)
3. Cloud misconfigurations are a growing attack surface (Google Threat Horizons, ENISA, CrowdStrike)
When to Use
- Strategic planning: Annual security budget and tool selection informed by industry data.
- Board reporting: Executive summaries suitable for non-technical leadership.
- Threat modeling: Update organizational threat model with latest actor intelligence.
- Compliance justification: Cite authoritative reports to justify security investments.
- Ad-hoc: "What did the latest Verizon DBIR say about phishing?" for targeted queries.
Tool Chain
- WebSearch to find latest published report URLs and summaries
- WebFetch to retrieve report executive summaries and key findings pages
- Inline synthesis for cross-report comparison and trend calculation
# Supported AI Coding Agents
This skill is compatible with the SKILL.md standard and works with all major AI coding agents.