Skip to main content

The State of Security 2022

Global research: Security leaders’ priorities for cloud integrity, the talent gap and the most urgent attack vectors.


Security incidents are up

of organizations worldwide report an increase in attempted cyberattacks.
of orgs say they suffered a data breach over the past two years, up from 39% in our 2021 survey.
of security teams say they had to devote significant time and resources for remediation (up from 42% a year ago).

The costs are significant: 44% say they’ve suffered disruption of business processes (vs. 35% a year ago), and 44% say they’ve lost confidential data (up from 28%). 


   Talent in Crisis


say burned-out colleagues have quit


thought of quitting themselves


Security teams are firefighting

Twenty-eight percent of security teams spend their time fighting crises (up from 26% last year) rather than preparing for supply chain, ransomware and other attacks. Why?

  • 26% cite overwhelming tool complexity
  • 29% cite hiring or retention challenges
  • 28% cite cloud complexity and lack of visibility


Attacked from all sides

Following the SolarWinds, Kaseya and Log4Shell attacks, supply chain threats are front and center; 90% of orgs have increased their focus on third-party risk. But other threats abound:


  • Ransomware: 79% were attacked; 20% had data/systems held hostage
  • Phishing: 51% report business email compromise
  • Insider attacks: 39% of organizations report an inside job

    Victims Pay Up

of ransomware victims pay up


manage to restore from backup

of orgs have adopted SOAR technologies


Shift from reaction to action

The research details how CISOs are working more closely with their C suites and boards, investing in talent and training, and doubling down on key technologies and techniques:

  • Security analytics: 67% of orgs are investing in analytics technologies; the rest use the automation/orchestration capabilities in their SIEM solution.
  • DevSecOps: 75% of orgs use DevSecOps, including to prevent malware and flaws from reaching production, to apply runtime API security controls and to log code changes for audit.


Building better security today

The report features six key recommendations drawn from this global research, including:

  • Build an SBOM: The software bill of materials will be an industry standard for supply chain defense.
  • Automate strategically: You’re enhancing your analysts, not replacing them.
  • Two attacks on complexity: Improve cloud visibility while minimizing tool sprawl; see more, monitor effectively.
of orgs expect to increase spending on security

See how security leaders worldwide are beating ever-rising challenges in 2022.