Public and academic knowledge of cyber conflict relies heavily on data from commercial threat
reporting, but this data provides a distorted view of cyber threat activity. Commercial actors
are selective about the threats they focus on and what they report in public documents. This
selection bias not only hampers scholarship on cybersecurity, but also has concerning consequences
for democracy. Threat reporting can be conceived as a public good that is by and large
provided by actors in the private sector. As collective action theory leads us to expect, accurate
threat reporting is underprovided while the interests of commercial information security firms
in high-end threats to high-profile victims are overrepresented. Prevalent threats to civil society
organizations, which lack the resources to pay for high-end cyber defense, tend to be ignored.
Commercial threat reporting thus presents a truncated sample of cyber conflict. We present
and analyze an original dataset of available public reporting by the private sector as well as
independent research centers. We also present three in-depth case studies tracing reporting
patterns on a cyber operation targeting civil society. Our findings strongly confirm the hypothesized selection bias in reporting.