Economic anxiety, staffing challenges, and growing supply chain threats among other factors impacting cybersecurity spending and planning

NEW YORK & TEL AVIV, ISRAEL – 16 November 2022: Cymulate, the leader in cybersecurity risk validation and exposure management, today announced the results of a global survey of more than 1,000 IT and security professionals examining the influence of ongoing uncertainties in cybersecurity and cyber resilience.

The 2022 Cymulate Global Readiness Survey investigated the impact of increased geopolitical tensions, economic concerns, and the Great Resignation, as well as more technical aspects such as the rise of supply chain attacks and the efficacy of best practices, on cybersecurity and cyber-readiness within enterprises. Consolidation of cybersecurity solutions was a key theme within the findings, with 60% reporting their organization is seeking to reduce the number of solutions in use. Notably, only 20% of respondents reported affordability as the main reason, while 23% and 22% cited usability and the need to right-size their security setup as the primary driver of consolidation.

“Businesses of all sizes shared that it is no longer about point solutions. With the volume of security tools and data, the need has shifted towards an integrated security suite,” said Carolyn Crandall, chief security advocate at Cymulate.

Economic anxiety has delayed purchasing with most respondents noting project delays of three to six months. Interestingly, rising geopolitical tensions like the conflict in Ukraine and the standoff over Taiwan were not cited as having an impact on budget reductions or purchasing decisions.

Additional key highlights of the survey include:

•  Cybersecurity workers are twice as likely than the overall labor market to be part of the Great Resignation: Twice as many respondents say they are frustrated by their jobs and actively looking for new roles than the average. The rate quadrupled when cybersecurity teams are short- staffed and work conditions have worsened, or the enterprise declined to prioritize basic cyber hygiene principles.

•  The industry remains challenged with adopting essential cybersecurity hygiene best practices: Though a critical component of shoring up cyber resiliency, roughly one-third to almost one-half of respondents said their enterprises had yet to adopt multi-factor authentication (MFA), improved identity access management (IAM), least privileges adoption, EDR adoption, web protection, and phishing education.

•  Frequent supply chain attacks are driving cybersecurity preparation: 52% of respondents indicated that they believe supply chain issues to be responsible for up to a quarter of all attacks, while 26% believe it may be as high as half of all attacks. The threat of supply chain attacks is affecting organization’s strategies, with 45% of respondents reporting that the vulnerability of the supply chain has led to increased cybersecurity proactiveness and preparation.

• The adoption of proactive cybersecurity testing is key to reducing risk and staying in front of evolving threats: 80% of respondents said their organization had adopted some degree of proactive measures. However, only 29% reported their organization had incorporated penetration testing or other baseline measures. Additionally, only 30% of respondents said their organization had incorporated advanced proactive solutions that include breach attack simulation (BAS), attack surface management and vulnerability management, indicating significant room for growth.

With the increasing number of cyber threats and their devastating effects on business revenue, productivity and reputation, Frost & Sullivan projects the global BAS market to increase at a CAGR of 38.5% between 2021 and 2026. The global survey was conducted on LinkedIn and gathered responses from more than 1,000 IT and security professionals representing a wide range of industries, organization sizes, and specific roles. Of the respondents, 81% occupy a technical role, such as cybersecurity, IT, or DevOps, and 70% are considered decision-makers in the organization, including individuals at the manager, director, and executive levels. The survey includes respondents from North America, Latin America, APAC, and EMEA
representing companies ranging in size from less than 500 employees to more than 50,000. In addition, nearly every major industry is represented, including finance, healthcare, manufacturing, retail, and others, yielding a broadly representative sample.

About Cymulate

The Cymulate cybersecurity risk validation and exposure management solution provides security professionals with the ability to continuously challenge, validate and optimize their on-premises and cloud cyber-security posture with end-to-end visualization across the MITRE ATT&CK® framework. The platform provides automated, expert, and threat intelligence-led risk assessments that are simple to deploy, and easy for organizations of all cybersecurity maturity levels to use. It also provides an open framework for creating and automating red and purple teaming exercises by generating tailored penetration scenarios and advanced attack campaigns for their unique environments and security policies. For more information, visit

Contact for Cymulate:
Katrina Porter, Sr. Manager,
Marketing Communications at Cymulate
[email protected]