Ransomware activities and the cost of breaches are on the rise.
Cybersecurity talent is hard to find, and an increasing number of cybersecurity professionals are considering leaving their jobs.
Moving to the digital world increases the risk of a breach.
The pandemic has fundamentally changed the technology landscape. Security programs must understand how their threat surface is now different and adapt their controls to meet the challenge.
The upside to the upheaval in 2021 is new opportunities to modernize your security program.
Impact and Result
Use the report to ensure your plan in 2022 addresses what’s important in cybersecurity.
Understand the current situation in the cybersecurity space.
Security Priorities 2022 Research & Tools
1. Security Priorities 2022 – A report that describes priorities and recommendations for CISOs in 2022.
Use this report to understand the current situation in the cybersecurity space and inform your plan for 2022. This report includes sections on protecting against and responding to ransomware, acquiring and retaining talent, securing a remote workforce, securing digital transformation, and adopting zero trust.
Disruptions to the way we work caused by the pandemic are here to stay.
The pandemic has introduced a lot of changes to our lives over the past two years, and this is also true for various aspects of how we work. In particular, a large workforce moved online overnight, which shifted the work environment rapidly.
People changed how they communicate, how they access company information, and how they connect to the company network. These changes make cybersecurity a more important focus than ever.
Although changes like the shift to remote work occurred in response to the pandemic, they are largely expected to remain, regardless of the progression of the pandemic itself. This report will look into important security trends and the priorities that stemmed from these trends.
30% more professionals expect transformative permanent change compared to one year ago.
47% of professionals expect a lot of permanent change; this remains the same as last year. (Source: Info-Tech Tech Trends 2022 Survey; N=475)
The cost of a security breach is rising steeply
The shift to remote work exposes organizations to more costly cyber incidents than ever before.
Average cost of a data breach in 2021
The cost of a data breach rose by nearly 10% in the past year, the highest rate in over seven years.
More costly when remote work is involved in the breach
The average cost of breaches where remote work is involved is $1.07 million higher than breaches where remote work is not involved.
The ubiquitous remote work that we saw in 2021 and continue to see in 2022 can lead to more costly security events. (Source: IBM, 2021)
Remote work is here to stay, and the cost of a breach is higher when remote work is involved.
The cost comes not only directly from payments but also indirectly from reputational loss. (Source: IBM, 2021)
Security teams can participate in the solution
The numbers are clear: in 2022, when we face a threat environment like we’ve never experienced before, good security is worth the investment.
Saved when zero trust is deployed facing a breach
Zero trust controls are realistic and effective controls.
Organizations that implement zero trust dramatically reduce the cost of an adverse security event.
More costly if it takes more than 200 days to identify and contain a breach
With increased BYOD and remote work, detection and response is more challenging than ever before – but it is also highly effective.
Organizations that detect and respond to incidents quickly will significantly reduce the impact. (Source: IBM, 2021)
Breaches are 34% less costly when mature zero trust is implemented.
A fully staffed and well-prepared security team could save costs through quick responses. (Source: IBM, 2021)
Top security priorities and constraints in 2022
As part of its research process for the 2022 Security Priorities Report, Info-Tech Research Group surveyed security and IT leaders (N=97) to ask their top security priorities as well as their main obstacles to security success in 2022:
Survey respondents were asked to force-rank their security priorities.
Among the priorities chosen most frequently as #1 were talent management, addressing ransomware threats, and securing hybrid/remote work.
Talent management is both the #1 priority and the top obstacle facing security leaders in 2022.
Unsurprisingly, the ever-changing environment in a world emerging from a pandemic and budget constraints are also top obstacles.
We know the priorities…
But what are security leaders actually working on?
This report details what we see the world demanding of security leaders in the coming year.
Setting aside the demands – what are security leaders actually working on?
Many organizations are still mastering the foundations of a mature cybersecurity program.
This is a good idea!
Most breaches are still due to gaps in foundational security, not lack of advanced controls.
One industry plainly stands out from the rest. Government organizations are proportionally much more active in security than other industries, and for good reason: they are common targets.
Manufacturing and professional services are proportionally less interested in security. This is concerning, given the recent targeting of supply chain and personal data holders by ransomware gangs.
5 Security Priorities for 2022
Acquiring and Retaining Talent: Create a good working environment for existing and potential employees. Invest time and effort into talent issues to avoid being understaffed.
Securing a Remote Workforce: Create a secure environment for users and help your people build safe habits while working remotely.
Securing Digital Transformation: Build in security from the start and check in frequently to create agile and secure user experiences.
Adopting Zero Trust: Manage access of sensitive information based on the principle of least privilege.
Protecting Against and Responding to Ransomware: Put in your best effort to build defenses but also prepare for a breach and know how to recover.
Main Influencing Factors
COVID-19 Pandemic: The pandemic has changed the way we interact with technology. Organizations are universally adapting their business and technology processes to fit the post-pandemic paradigm.
Rampant Cybercrime Activity: By nearly every conceivable metric, cybercrime is way up in the past two years. Cybercriminals smell blood and pose a more salient threat than before. Higher standards of cybersecurity capability are required to respond to this higher level of threat.
Remote Work and Workforce Reallocation: Talented IT staff across the globe enabled an extraordinarily fast shift to remote and distance work. We must now reckon with the security and human resourcing implications of this huge shift.
Acquire and Retain Talent
Security talent was in short supply before the pandemic, and it's even worse now.
Cybersecurity talent has been in short supply for years, but this shortage has inflected upward since the pandemic.
The Great Resignation contributed to the existing talent gap. The pandemic has changed how people work as well as how and where they choose work. More and more senior workers are retiring early or opting for remote working opportunities.
The cost to acquire cybersecurity talent is huge, and the challenge doesn’t end there. Retaining top talent can be equally difficult.
A 2021 survey by ESG shows that 76% of security professionals agree it’s difficult to recruit talent, and 57% said their organization is affected by this talent shortage.
(ISC)2 reports there are 2.72 million unfilled job openings and an increasing workforce gap (2021).
2.72 million unfilled cybersecurity openings (Source: (ISC)2, 2021)
Securing the workforce in the remote environment.