There are studies that are becoming standard de facto in the cyber industry and read these reports can add an immense value to the understanding you have about cyber risks, here a list of the most famous:

• https://www.europol.europa.eu/internet-organised-crime-threat-assessment-2018
• https://www.enisa.europa.eu/topics/threat-risk-management/threats-and-trends
• http://www.verizonenterprise.com/verizon-insights-lab/dbir/tool/
• https://www.akamai.com/uk/en/about/our-thinking/state-of-the-internet-report/global-state-of-the-internet-security-ddos-attack-reports.jsp
• https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=77014377USEN
• https://www.accenture.com/gb-en/insights/security/cyber-threatscape-report-2018
• https://www.ponemon.org/library
• https://www.sans.org/security-awareness-training/reports/2018-security-awareness-report
• https://www.ncsc.gov.uk/cyberthreat
• https://www.cisco.com/c/en_uk/products/security/security-reports.html
• https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2018
• https://www.mcafee.com/enterprise/en-gb/threat-center/mcafee-labs/reports.html
• https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports
• https://www.fireeye.com/current-threats/annual-threat-report/mtrends.html
• https://customers.darktrace.com/en/threat-report-2018