Skip to main content

The State of Security 2022

Global research: Security leaders’ priorities for cloud integrity, the talent gap and the most urgent attack vectors.

LANDSCAPE

Security incidents are up

65%
of organizations worldwide report an increase in attempted cyberattacks.
49%
of orgs say they suffered a data breach over the past two years, up from 39% in our 2021 survey.
59%
of security teams say they had to devote significant time and resources for remediation (up from 42% a year ago).

The costs are significant: 44% say they’ve suffered disruption of business processes (vs. 35% a year ago), and 44% say they’ve lost confidential data (up from 28%). 

Pressures

   Talent in Crisis

73%

say burned-out colleagues have quit

70%

thought of quitting themselves

PRESSURES

Security teams are firefighting

Twenty-eight percent of security teams spend their time fighting crises (up from 26% last year) rather than preparing for supply chain, ransomware and other attacks. Why?

  • 26% cite overwhelming tool complexity
  • 29% cite hiring or retention challenges
  • 28% cite cloud complexity and lack of visibility

VECTORS

Attacked from all sides

Following the SolarWinds, Kaseya and Log4Shell attacks, supply chain threats are front and center; 90% of orgs have increased their focus on third-party risk. But other threats abound:

 

  • Ransomware: 79% were attacked; 20% had data/systems held hostage
  • Phishing: 51% report business email compromise
  • Insider attacks: 39% of organizations report an inside job
Vectors

    Victims Pay Up

66%
of ransomware victims pay up

33%

manage to restore from backup

Strategies
 
88%
of orgs have adopted SOAR technologies

Strategies

Shift from reaction to action

The research details how CISOs are working more closely with their C suites and boards, investing in talent and training, and doubling down on key technologies and techniques:

  • Security analytics: 67% of orgs are investing in analytics technologies; the rest use the automation/orchestration capabilities in their SIEM solution.
  • DevSecOps: 75% of orgs use DevSecOps, including to prevent malware and flaws from reaching production, to apply runtime API security controls and to log code changes for audit.

RECOMMENDATIONS

Building better security today

The report features six key recommendations drawn from this global research, including:

  • Build an SBOM: The software bill of materials will be an industry standard for supply chain defense.
  • Automate strategically: You’re enhancing your analysts, not replacing them.
  • Two attacks on complexity: Improve cloud visibility while minimizing tool sprawl; see more, monitor effectively.
Recommendations
 
93%
of orgs expect to increase spending on security

See how security leaders worldwide are beating ever-rising challenges in 2022.