Get Instant Access
to This Blueprint

Security icon

Security Priorities 2022

Securing the workforce in the remote environment.

  • Ransomware activities and the cost of breaches are on the rise.
  • Cybersecurity talent is hard to find, and an increasing number of cybersecurity professionals are considering leaving their jobs.
  • Moving to the digital world increases the risk of a breach.

Our Advice

Critical Insight

  • The pandemic has fundamentally changed the technology landscape. Security programs must understand how their threat surface is now different and adapt their controls to meet the challenge.
  • The upside to the upheaval in 2021 is new opportunities to modernize your security program.

Impact and Result

  • Use the report to ensure your plan in 2022 addresses what’s important in cybersecurity.
  • Understand the current situation in the cybersecurity space.

Security Priorities 2022 Research & Tools

1. Security Priorities 2022 – A report that describes priorities and recommendations for CISOs in 2022.

Use this report to understand the current situation in the cybersecurity space and inform your plan for 2022. This report includes sections on protecting against and responding to ransomware, acquiring and retaining talent, securing a remote workforce, securing digital transformation, and adopting zero trust.

Security Priorities 2022

The pandemic has changed how we work

disruptions to the way we work caused by the pandemic are here to stay.

The pandemic has introduced a lot of changes to our lives over the past two years, and this is also true for various aspects of how we work. In particular, a large workforce moved online overnight, which shifted the work environment rapidly.

People changed how they communicate, how they access company information, and how they connect to the company network. These changes make cybersecurity a more important focus than ever.

Although changes like the shift to remote work occurred in response to the pandemic, they are largely expected to remain, regardless of the progression of the pandemic itself. This report will look into important security trends and the priorities that stemmed from these trends.

30% more professionals expect transformative permanent change compared to one year ago.

47% of professionals expect a lot of permanent change; this remains the same as last year. (Source: Info-Tech Tech Trends 2022 Survey; N=475)

The cost of a security breach is rising steeply

The shift to remote work exposes organizations to more costly cyber incidents than ever before.

$4.24 million

Average cost of a data breach in 2021
The cost of a data breach rose by nearly 10% in the past year, the highest rate in over seven years.

$1.07 million

More costly when remote work involved in the breach

The average cost of breaches where remote work is involved is $1.07 million higher than breaches where remote work is not involved.

The ubiquitous remote work that we saw in 2021 and continue to see in 2022 can lead to more costly security events. (Source: IBM, 2021)

Remote work is here to stay, and the cost of a breach is higher when remote work is involved.

The cost comes not only directly from payments but also indirectly from reputational loss. (Source: IBM, 2021)

Security teams can participate in the solution

The numbers are clear: in 2022, when we face a threat environment like WE’VE never EXPERIENCED before, good security is worth the investment

$1.76 million

Saved when zero trust is deployed facing a breach

Zero trust controls are realistic and effective controls.

Organizations that implement zero trust dramatically reduce the cost of an adverse security event.


More costly if it takes more than 200 days to identify and contain a breach

With increased BYOD and remote work, detection and response is more challenging than ever before – but it is also highly effective.

Organizations that detect and respond to incidents quickly will significantly reduce the impact. (Source: IBM, 2021)

Breaches are 34% less costly when mature zero trust is implemented.

A fully staffed and well-prepared security team could save the cost through quick responses. (Source: IBM, 2021)

Top security priorities and constraints in 2022

Survey results

As part of its research process for the 2022 Security Priorities Report, Info-Tech Research Group surveyed security and IT leaders (N=97) to ask their top security priorities as well as their main obstacles to security success in 2022:

Top Priorities
A list of the top three priorities identified in the survey with their respective percentages, 'Acquiring and retaining talent, 30%', 'Protecting against and responding to ransomware, 23%', and 'Securing a remote workforce, 23%'.

Survey respondents were asked to force-rank their security priorities.

Among the priorities chosen most frequently as #1 were talent management, addressing ransomware threats, and securing hybrid/remote work.

Top Obstacles
A list of the top three obstacles identified in the survey with their respective percentages, 'Staffing constraints, 31%', 'Demand of ever-changing business environment, 23%', and 'Budget constraints, 15%'.

Talent management is both the #1 priority and the top obstacle facing security leaders in 2022.

Unsurprisingly, the ever-changing environment in a world emerging from a pandemic and budget constraints are also top obstacles.

We know the priorities…

But what are security leaders actually working on?

This report details what we see the world demanding of security leaders in the coming year.

Setting aside the demands – what are security leaders actually working on?

A list of 'Top security topics among Info-Tech members' with accompanying bars, 'Security Strategy', 'Security Policies', 'Security Operations', 'Security Governance', and 'Security Incident Response'.

Many organizations are still mastering the foundations of a mature cybersecurity program.

This is a good idea!

Most breaches are still due to gaps in foundational security, not lack of advanced controls.

We know the priorities…

But what are security leaders actually working on?

A list of industries with accompanying bars representing their demand for security. The only industry with a significant positive percentage is 'Government'. Security projects included in annual plan relative to industry.

One industry plainly stands out from the rest. Government organizations are proportionally much more active in security than other industries, and for good reason: they are common targets.

Manufacturing and professional services are proportionally less interested in security. This is concerning, given the recent targeting of supply chain and personal data holders by ransomware gangs.

5 Security Priorities for 2022 Logo for Info-Tech. Logo for ITRG.


  1. Acquiring and Retaining Talent
    Create a good working environment for existing and potential employees. Invest time and effort into talent issues to avoid being understaffed.
  2. Securing a Remote Workforce
    Create a secure environment for users and help your people build safe habits while working remotely.


  1. Securing Digital Transformation
    Build in security from the start and check in frequently to create agile and secure user experiences.


  1. Adopting Zero Trust
    Manage access of sensitive information based on the principle of least privilege.
  2. Protecting Against and Responding to Ransomware
    Put in your best effort to build defenses but also prepare for a breach and know how to recover.

Main Influencing Factors

COVID-19 Pandemic
The pandemic has changed the way we interact with technology. Organizations are universally adapting their business and technology processes to fit the post-pandemic paradigm.
Rampant Cybercrime Activity
By nearly every conceivable metric, cybercrime is way up in the past two years. Cybercriminals smell blood and pose a more salient threat than before. Higher standards of cybersecurity capability are required to respond to this higher level of threat.
Remote Work and Workforce Reallocation
Talented IT staff across the globe enabled an extraordinarily fast shift to remote and distance work. We must now reckon with the security and human resourcing implications of this huge shift.

Acquire and Retain Talent

Priority 01

Security talent was in short supply before the pandemic, and it's even worse now.

Executive summary


Cybersecurity talent has been in short supply for years, but this shortage has inflected upward since the pandemic.

The Great Resignation contributed to the existing talent gap. The pandemic has changed how people work as well as how and where they choose work. More and more senior workers are retiring early or opting for remote working opportunities.

The cost to acquire cybersecurity talent is huge, and the challenge doesn’t end there. Retaining top talent can be equally difficult.

Current situation

  • A 2021 survey by ESG shows that 76% of security professional agree it’s difficult to recruit talent, and 57% said their organization is affected by this talent shortage.
  • (ISC)2 reports there are 2.72 million unfilled job openings and an increasing workforce gap (2021).

2.72 million unfilled cybersecurity openings (Source: (ISC)2, 2021)

Securing the workforce in the remote environment.

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Talk to an Analyst

Our analyst calls are focused on helping our members use the research we produce, and our experts will guide you to successful project completion.

Book an Analyst Call on This Topic

You can start as early as tomorrow morning. Our analysts will explain the process during your first call.

Get Advice From a Subject Matter Expert

Each call will focus on explaining the material and helping you to plan your project, interpret and analyze the results of each project step, and set the direction for your next project step.

Unlock Sample Research


Maggie Zeng

Cameron Smith


  • 97 survey respondents
  • Michael Quinn, Chief Executive Officer, Active Cypher
  • Rebecca Rivera, Director of Security, IAM, Paymentus Corporation
  • Brad Sexton, Chief Information Security Officer, Desert Research Institute
  • Qing Liu, Chief Information Officer, Public Utility Commission of Oregon
Visit our IT Cost Optimization Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019