- Most are focusing on governance and compliance standards, new tool/initiative implementation, and tool/initiative evaluation this quarter.
- While most consider their cybersecurity budget to be adequate, almost a quarter consider their budget to be stretched.
- Cybersecurity breaches were common in Q1, with around a third reporting service disruption due to software supply chain attacks.
- Over half reported an increase in cybersecurity incidents in Q1 compared to the previous quarter.
- Endpoint security is the most common focus for implementation/enhancement.
- The most common challenge is integrating new tools with legacy technology.
- Most are satisfied with their current cybersecurity posture and feel confident about achieving their cybersecurity goals in Q1.
Cybersecurity is ensuring business continuity by protecting their organization's digital assets, including sensitive data, from attack or employee negligence.
Amid rising global tensions at a time when nations are deploying IT armies and enacting cybersecurity mandates, what was the state of cybersecurity in Q1, 2022? Gartner Peer Insights polls executives in real-time, taking a pulse on trends and sentiment.
Tech decision-makers can use this report to benchmark against their peers (and customizable, real-time results remain available to Gartner Peer Insights community members). These data were collected from Feb 14 - to Mar 20, 2022. Respondents were all 361 tech decision-makers whose role relates to cybersecurity.
Most Cybersecurity Projects Focused on Ensuring Governance and Compliance Standards in Q122
The top cybersecurity projects decision-makers focused on in Q1 related to governance and compliance standards (56%), implementing new tools or initiatives (55%), and evaluating current cybersecurity tools or initiatives (52%).
"Progress is made, but cybersecurity remains underprioritized as compared to business initiatives."
- Director, finance industry, 10,000+ employees
"Everything in cybersecurity is challenging," said one contributor to the related discussion on the Gartner Peer Insights platform. That tech decisionmaker, from the C-Suite of a finance-industry company, went on to urge peers: "So focus on talent instead of tools."
Other Key Findings on Q122 Cybersecurity
- Only 32% report they did not experience a cybersecurity breach in Q1.
- Over half (51%) of respondents report that cybersecurity incidents rose in Q1 from Q421.
- The most commonly reported breach was malicious activity on the network that did not affect service (34%).
- Almost a third (32%) report that tools used by their organization had been victim to a software supply chain attack, and they experienced service disruption as a result
Related discussions on the Gartner Peer Insights Platform surfaced ongoing challenges with the day-to-day challenges. "Leadership is never proactive and only pays attention after a successful breach," said one director in the education sector.
"If you have to wait on human interaction to isolate and protect, it is already too late," said a director from the software industry.
- Most (80%) are satisfied with the progress made on their cybersecurity goals in Q1, but almost a quarter of decision-makers considered their cybersecurity budget to be stretched.
- 44% said their cybersecurity budget is not adequate to deliver on goals and another 22% consider it stretched.
"There is an increased impetus and board acceptance for investment and focus in [cybersecurity] and this is helping to drive implementation of advanced tools and processes and improving the overall security posture," said a tech decision-maker from the C-suite of a finance industry organization. But another said, "Budget is a challenge in terms of tools and staff. End-user awareness continues to be a challenge."
- The most commonly reported cybersecurity measures that decision-makers are adding or enhancing in Q1 were endpoint security (55%), access management (49%) and data security (45%).
- The most commonly cited cybersecurity challenges were new tool integration (46%), end-user cybersecurity hygiene (38%), and budget restrictions (29%).
"Client identity and access management are huge areas that our teams will be focusing on as well as identity proofing," said one director. "We have signed up for a tool that provides AI-based detection and blocking. It's too early to tell, but its initial detections whilst in transparent mode are promising," said another.