The Research Institute in Science of Cyber Security is the UK’s first academic Research Institute to focus on understanding the overall security of organisations, including their constituent technology, people and processes. It is now in its second phase, RISCS2. To find out more about the history of RISCS, please read the blog post here. RISCS2 will have three annual community meetings plus an academic conference shared with its siblings, the Research Institute in Automated Program Analysis and Verification (RIAPAV), led by Philippa Gardner (Imperial), the Research Institute in Trustworthy Industrial Control Systems (RITICS), led by Chris Hankin (Imperial) and the Research Institute in Secure Hardware and Embedded Systems (RISE) led by Maire O’Neill. RISCS is focused on giving organisations more evidence, to allow them to make better decisions, aiding to the development of cybersecurity as a science. It collects evidence about what degree of risk mitigation can be achieved through a particular method – not just the costs of its introduction, but ongoing costs such as the impact on productivity – so that the total cost of ownership can be balanced against the risk mitigation that’s been achieved. Its main goal is to move security from common, established practice to an evidence base, the same way it happened in medicine. The institute is managed by the RISCS Hub team based at University College London. The Annual Report 2017 was released at the UK Cyber Security Research Institutes Conference in October 2017. The 2013, 2014, 2015 and 2016 reports are also available.