I’m a stickler for truth, transparency, and accuracy and I find it frustrating that so many cyber presentations throw stats around without disclosing their source. I use stats as well but I want my audience to know that I did my due diligence to source from reputable sources and keep them updated.
To that end I keep a Cybersecurity Stats page updated with sources.
I maintain a github repo of cybersecurity reports and studies that I reference in talks and position papers. I do not claim any ownership of these studies nor am I the author. Please visit the author organizations and subscribe to show your thanks. They just have a habit of making them hard to find.