Abstract
Cyberattacks are increasing in scale, scope, and impact, yet systematic, accessible data on these events remain fragmented, narrowly scoped, or methodologically opaque. Existing cyber incident datasets often focus on specific threat types or high-profile cases, are proprietary, or lack transparent coding rules, limiting comparative analysis and cumulative research. This paper introduces the Cyber Events Database 2.0 (CEDB 2.0), a publicly sourced, event-level repository of global cyber incidents from 2014 onward designed to support reproducible research and strategic cybersecurity analysis. The CEDB 2.0 employs a mixed-methods data collection approach that combines automated web scraping with multilingual, near–realtime news monitoring, integrating the Global Database of Events, Language, and Tone (GDELT) Project beginning in 2025. As of February 2026, the database contains 16,382 coded cyber events across 175 countries and 1,431 distinct threat actors. Each event is classified using a theory-informed taxonomy capturing actor type, motive, target sector, affected country, and observable effects. By enabling cross-sectional and longitudinal analysis at scale, the CEDB allows researchers to move beyond anecdotal case studies toward systematic, evidence-based assessment of state and non-state cyber behavior. The paper details the database’s methodology, structure, applications, limitations, and future development.