One of the hallmarks of our digital age is the rapid pace of change. The ability to procure core technology components at lower costs and the ability to connect individuals around the globe have dramatically accelerated the capacity for innovation, and there is often a sense that businesses need to constantly adapt or face irrelevance.
The State of Cybersecurity
2021 Report:
Introduction
Companies clearly cannot rely exclusively on hiring to fill their gaps. Finding the right fit on the open market is both challenging and expensive. Training is an option that should be utilized more heavily. Training for existing workers can target specific skills, deliver results more quickly and build loyalty among employees. As cybersecurity grows more complex, expanded partnering is also worth exploring.
Unfortunately, attracting or building the right skills is only half the battle. Retaining skills, especially in a high-demand environment, is a major undertaking. The good news is that many retention activities line up neatly with developing a strategic view of cybersecurity. The top challenge in managing cybersecurity resources, cited by half the respondents in CompTIA’s survey, is providing the tools and support that allow staff to be effective. This may result in financial investment (as does the second challenge, paying market wages), but it can also be achieved with structural changes or new processes. The third challenge requires no financial investment at all but circles back to the main policy goal. Integrating cybersecurity with business initiatives is a root cause action that can address the symptom of cybersecurity professionals who feel disconnected from the organization.
Over the past year, the business world has been adjusting to lessons learned from the COVID pandemic. On a workforce level, companies are struggling to decide the best ways to balance employee flexibility and corporate culture. On a technical level, the many benefits of a cloud-first architecture are being weighed against the challenges of managing complexity and cost in a multi-cloud environment. It will still be years before we understand what equilibrium looks like in the post-pandemic environment, but the early changes point to a significant restructuring.
Another prominent takeaway from the pandemic is that symptoms are often easier to diagnose and treat than root causes. This obviously has implications beyond corporate strategies, but a prime example of this concept in the business world is the field of cybersecurity. Companies are made all too aware of poor cybersecurity when they are breached, and a postmortem can identify processes or tools that would have prevented or mitigated the attack. But that may not address underlying problems that can lead to a different cyber incident down the road.
CompTIA’s 2022 State of Cybersecurity report examines the disconnect between root cause and symptoms. Digital transformation driven by cloud and mobile adoption is forcing a new strategic approach to cybersecurity, but fully adopting this new approach poses significant challenges, both tactically and financially.
U.S. Job Openings Requesting Cybersecurity-Related Skills: 714,518
Estimated global spending on cybersecurity in 2022: $172.5 billion
Estimated global cost of cybercrime in 2021: $6.1 trillion
Spending Projections
2020-2021
Learn more from CompTIA’s quantitative study based on surveys conducted during Q3 2022 of 1,250 global business and tech professionals involved in cybersecurity. CompTIA is a leading voice and advocate for the $5 trillion global IT ecosystem and the estimated 75 million professionals who design, implement, manage and safeguard the technology that powers the world’s economy.
2022 State of Cybersecurity
© CompTIA 2022
U.S. companies experiencing a successful phishing attack in 2020: 74%
Average number of days to identify and contain a data breach: 287
Market Overview
The cybersecurity product list starts with pieces that have been around for a long time. Firewalls, antivirus and anti-malware were the primary components of the secure perimeter, and they still serve that function even as the secure perimeter has dropped in importance. These tools are ubiquitous, although many end users (and possibly even IT staff) may not think of them as part of the product set since they are so common. Network monitoring is another tool with a long history and one that is evolving to fit the times.
Product
4.
Trends to Watch
The participation rates within cybersecurity chains show which layers are getting less attention. A cybersecurity chain is all the stakeholders that take part in cybersecurity discussions, with the goal of tying these discussions together into a comprehensive strategy. As expected, most firms have high participation from the IT function. These numbers are dragged down slightly by smaller companies that may not have dedicated IT staff, but most companies would clearly have technical staff as part of the cybersecurity solution.
People
3.
Trends to Watch
This year, zero trust is starting to move from broad policy into tactical processes. For several reasons, adoption of zero trust will not take place overnight. First and foremost, zero trust represents a drastically different way of thinking about cybersecurity. Rather than viewing cybersecurity as one of many components within the IT function and simply investing in hardware or software, companies must now view cybersecurity as an organizational imperative, extending beyond technology products into decisions around workflow and workforce.
Process
2.
Trends to Watch
Another way that cybersecurity mirrors the evolution of enterprise IT is that both have become more strategic. Over the next year, there will be a concentrated move toward integrating cybersecurity with business operations. Accepting cybersecurity as a critical component of digital transformation will drive new questions and new measures of success throughout the organization. At the same time, adopting a holistic viewpoint will address many of the existing hurdles around changing the approach to cybersecurity.
Policy
1.
Trends to Watch
Trends To Watch 2022
1. Policy: Cybersecurity becomes more integrated with business operations
2. Process: Zero trust tactics are used to move the needle
3. People: Organizations focus on specialization and enablement
4. Product: Automation reduces complexity but poses new challenges
Issues Driving Cybersecurity (chart)
Issues listed: Compliance with regulations; Breadth of skills needed; Quantifying security issues; Increased reliance on data; Scale of potential attacks; Variety of attacks; Privacy concerns/building trust; Growing number of cybercriminals
Values shown: 48%, 47%, 45%, 44%, 44%, 38%, 33%, 28%
In many ways, the field of cybersecurity is a reaction to the ways that enterprise IT evolves. After all, the need for cybersecurity only comes after technology has been implemented. This dynamic has intensified in recent years, as businesses aggressively pursue technology with the tendency to treat cybersecurity as a secondary consideration.
To the extent that the shape of cybersecurity follows the shape of IT, the defining characteristic of modern cybersecurity is complexity. Just as IT operations and strategy have grown more complex with the introduction of cloud and mobile systems, the management of cybersecurity has developed many facets as companies deal with the expansion of the threat landscape. According to CompTIA’s survey, two of the top three issues driving cybersecurity are the growing number of cybercriminals and the growing variety of attacks.
Although cybersecurity incidents alone are not a sufficient measure of a cybersecurity posture, they still provide a window into the need for strategic thinking. Among companies that recognized the occurrence of a cybersecurity incident in the past year, 57% said the incident had a severe or moderate impact on the organization, with 16% classifying the impact as severe. Aside from purchasing new software or hardware to address the incident, the largest component of mitigation efforts is the time spent by technical staff in resolving the issue.
Policy
1.
Trends to Watch
Building organizational awareness around zero trust will be a demanding task. Zero trust still ranks quite low as a cybersecurity practice within organizations, but this is partly because different areas of the workforce have different levels of familiarity with cybersecurity strategy. For example, a relatively low percentage of respondents – including only 24% of respondents from large companies – indicate that their organization has a practice around business continuity and disaster recovery (BCDR). The incidence of BCDR plans is likely much higher, but individuals within business units may not be required to understand any part of these plans.
Process
2.
Trends to Watch
While organizations are in the early days of refining processes around skill assessment, the list of skill needs from CompTIA’s survey may present a more accurate picture of current demand. Network security may seem like an area with deep expertise since the task has been performed for a long time, but the reality is that changes in the IT landscape demand constant improvement. Other areas such as threat knowledge, data analysis and identity management are more obvious candidates for skill growth since they represent more recent trends in cybersecurity.
People
3.
Trends to Watch
With so many tools in the arsenal and so many constraints on cybersecurity personnel, the obvious next step is automation. Previous research from CompTIA on the topic of automation sheds some light on how automation figures into a cybersecurity strategy. The research, conducted in Q2 2021 among 397 business professionals, shows that detecting potential cybersecurity incidents is the top example of automation initiatives being undertaken by companies today.
Product
4.
Trends to Watch
Cybersecurity Statistics
The general state of cybersecurity – which may include the organization of cybercriminals, governmental responses or the capabilities of available cyberdefense mechanisms – is making relatively slow progress. Especially in more developed regions, few individuals believe that there is dramatic improvement being made.
In most cases, nearly the same percentage of people believe that the situation is getting worse. While year-over-year data is not available outside the United States, the trend does not appear to be positive; the overall percentage of U.S. respondents who saw improvement in the cybersecurity landscape dropped slightly from 69% to 68%.
Bringing things closer to home, the view is not much better at the company level. While a majority of respondents in every region felt that their company’s cybersecurity was satisfactory, a much smaller number ranked the situation as completely satisfactory.
Nearly everyone feels that there is room for improvement, with some cases more dire than others. Here, the year-over-year trend shows some mixed signals. In the United States, net satisfaction rose (from 70% to 75%), but the rating of complete satisfaction dropped (from 29% to 24%).
Global Cybersecurity Outlook (chart values by region)
ANZ: 13%, 17%, 18%, 53%
ASEAN: 13%, 8%, 29%, 50%
US: 25%, 17%, 15%, 43%
Germany: 14%, 18%, 18%, 50%
Benelux: 15%, 21%, 17%, 48%
UK: 22%, 18%, 20%, 40%
Canada: 14%, 12%, 19%, 54%
Organizational Cybersecurity Satisfaction (chart values by region)
ANZ: 7%, 22%, 21%, 50%
ASEAN: 16%, 3%, 30%, 51%
US: 24%, 6%, 19%, 51%
Germany: 15%, 17%, 22%, 46%
Benelux: 11%, 22%, 20%, 47%
Canada: 14%, 5%, 19%, 59%
UK: 3%, 22%, 22%, 53%
Hurdles for Changing Approach to Cybersecurity
Impact of Cybersecurity Incidents
Cybersecurity Practices in Place
Areas for Improvement in Threat Intelligence
Groups Involved in Cybersecurity Chain
Cybersecurity Skills Needs
Cybersecurity Products in Use
Tools Used Within Formal Incident Detection and Response Practices
