We’re pleased to share Scale’s annual Cybersecurity Perspectives Survey findings.
Every year, we survey hundreds of U.S.-based security leaders who are responsible for buying decisions, the success of security deployments, or the overall security of the company. The respondents in our survey include CISOs, VPs, and director-level professionals at enterprises with 500+ employees.
Now in its tenth year, the Survey provides a long-running perspective on the evolving security landscape and shifting priorities of security buyers in light of changes in attack tactics and evolving infrastructure and application architectures. The decade milestone for the Survey matches my own decade tenure at Scale. It’s amazing how much things have changed, in terms of attack tactics and exploits, while at the same time staying the same in terms of the risk-based approaches to prioritizing and implementing security programs.
For our 2023 report, our research goal was to understand how security leaders are responding to long-running challenges of rising security incidents and talent shortages. The full report is accessible here.
Top-line findings include:
- A 16% year-over-year increase in cloud services that were compromised due to an attack against a third party (43% this survey period versus 37% the year prior).
- A 58% increase in the number of firms compromised by phishing attacks that resulted in stolen employee credentials, despite a 20% increase in per-employee security budgets ($3,653 per employee, compared to $3,033 the year prior).
- 60% of respondents reporting that cloud security is the most difficult role to fill on their teams, which resonates with the previous year’s findings that 68% of firms are struggling to find people with the required skills and 70% of security leaders believe their teams are dissatisfied with their job, salary, and workload.
- 83% of respondents sharing that they are seeking to enforce existing security policies more strictly this year, with identity and access management (IAM) ranked #2 as a top security spending priority, compared to #8 the year prior.
The report also explores perspectives from security leaders regarding AI/ML and automation. 79% of respondents identified AI/ML as “important” or “extremely important” to improve their security posture by 2024, with 62% already investing in tools to automate manual security processes. However, 49% of security leaders expressed concern that threat actors would poison AI/ML models, which suggests that the optimal applications of AI/ML in security are yet to be defined.
Overall, security investments are decreasing in efficacy despite more effort going into protecting enterprise networks, suggesting that teams will need to work smarter. The specific role of AI/ML is likely to become clearer in the year ahead.
While the Survey responses and security threats and priorities change from year to year, what remains constant is the need for innovation in the ecosystem to deal with the rapidly evolving risks that each enterprise faces. We’re always eager to talk to and learn from all you innovative founders out there that are helping defenders protect their assets in this ever-changing environment.
The web-based survey consisted of a sample size of 300 people and was fielded May 9-13, 2023. It focused on the 12 months prior and 12 months upcoming, with a +/- 2.21% margin of error.