
Cyber Events Database Home


Next Update: Wednesday, December 10, 2025

Current dataset includes records for 2014-October 2025
Please note that there was a GDELT network outage from June 14 to July 1, 2025, affecting our ability to identify events reported on in the second half of June. We estimate 40-60 fewer June records than expected as a result of the outage.

 

Enhancements to the Cyber Events Database: We now leverage the Global Database of Events, Language, and Tone (GDELT) Project’s Web News NGrams 3.0 and Article List datasets to monitor global news and identify candidate cyber events. This identification process supplements our original data scraping approach, beginning with data from January 2025. This allows us to:

  • Expand our coverage
  • Improve our tracking of non-English language sources
  • Provide monthly updates with the previous month's cyber event records (with new data released on the second Wednesday of every month)

Additionally, we have several new variables, including:

  • Identify events without GDELT (original_method) – An integer (0 or 1) indicates whether the event data was collected using the original web scraping method (pre-GDELT, before January 2025) or the GDELT-based method (January 2025 onward). This allows researchers to control for differences in data collection methods when analyzing trends across the entire dataset (2014–present) and to account for the shift to GDELT in 2025.
  • Date of publication (reported_date): The date, in DD-MM-YYYY format, on which the media source published the article identifying the relevant cyber event. This is different from event_date, which is the date or estimated date a cyber event actually occurred.
  • Severity measures for disruptive events (magnitude, duration, scope) – Qualitative and quantitative information that describes the magnitude, duration, and/or scope of the cyber event.
  • Severity measures for exploitive events (ip, org_data, cust_data) – Qualitative and quantitative information describing the type (i.e., intellectual property, organizational, and/or customer) and amount of data compromised.

You can also expect a monthly update with the previous month's events coded and posted on the second Wednesday of the following month. 

 

 

 

