Cyber security report

Cyber risk in 2022:

A 360° view

Dive into some of the biggest developments and trends from the cyber risk world in 2022, with the latest report – produced by the Vulcan Cyber in-house research team, Voyager18.

This report covers the landscape as we know it today, and suggests ways to improve and maintain security posture as we enter 2023.

Get the report now

From the report

In focus

The cost of a data breach

Organizations aren’t only facing more threats than before, but the cost of a potential breach is higher than it was last year. Incidents racked up a record $4.35 million in cost, while organizations not employing zero trust strategies incurred an even greater loss at $5.14 million.

Moreover, the rapid rise of cloud adoption means that organizations are storing critical data in an environment for which the security frameworks are often still in their infancy. For those with less mature cloud security programs, the cost of a breach was $660,000 more on average.

The vulnerability data nightmare

Data should provide IT security teams with much-needed clarity into their cyber risk landscapes. But information from multiple feeds across an increasing number of attack surfaces has produced an unmanageable backlog of vulnerabilities that may never be fixed.

66% of surveyed practitioners face a backlog of more than 100,000 vulnerabilities. While some won’t have any real impact, many should be immediate concerns – but with so much data to sift through, efficiently prioritizing these vulnerabilities is an uphill struggle.

The rise of AI

Given the considerable challenges IT security teams face in 2022 and beyond, it’s no surprise that there is a growing appetite for machine learning and artificial intelligence in managing cyber risk.

AI would help parse data and efficiently identify patterns and future threats. This reality is widely accepted in the industry, with the majority of respondents to a recent IBM survey considering the use of AI in their security workflows.

The MITRE ATT&CK mapping project

With backlogs growing, recognizing the common trends tying vulnerabilties together allow IT teams to mitigate risk efficiently. The Voyager18 team mapped CVEs to the MITRE ATT&CK framework in an effort to demystify vulnerability data.

Using MITRE’s own mapping methodology as a basis, the ongoing project combines CVE descriptions, CWE data, CVSS vector information – alongside textual analysis and machine learning processes – to connect relevant attack techniques to each CVE.

50%

of zero-day vulnerabilities exploited during the first six months of 2022 were variants of previously patched bugs.

65%

of organizations confirmed that vulnerabilities ranked low should have been more highly prioritized for their business environments.

27%

were impacted by a security incident in their public cloud infrastructure.

17%

of data breach threats in 2022 were the result of negligent employees.

Cyber risk headlines
in 2022

CISA's CVE backtrack, Telegram, and more: first officer's blog - week 1

The new Google bug bounty and more: first officer's blog - week 15

CVE-2021-35587, Meta and more: first officer's blog - week 28

Read the report today

*Data on this page was sourced from IBM, Verizon, Google Project Zero, Check Point, and original research conducted by the Voyager18 team at Vulcan Cyber.

Vulcan Cyber 2022