Introducing the 2022 State of Cyber Assets Report

The inaugural State of Cyber Assets Report (SCAR) offers insights from over 370 million cyber assets across 1270 organizations. We conducted this research to understand how the proliferation of software-defined assets has changed the topology of attack surface management and security best practices.

If every cyber asset in this dataset were represented by a drop of water, the whole dataset would equate to nearly 5,000 gallons of water. That's enough water to fill the average guest bedroom in the U.S. (10' x 10' x 8') with just enough space to keep one's head above water.

Organizations are drowning in cyber assets.

What does this mean for individual security professionals?

On average, there are 0.106 cybersecurity professionals per single U.S. business entity[1], which means there are approximately 135 security professionals across the 1270 organizations in the report's dataset carrying the weight of cyber assets.

A gallon of water weighs about 8 lbs, so nearly 5,000 gallons spread across 135 security professionals (at 1270 organizations) means each carries about 290 lbs.

The average person can't even squat the equivalent of their body weight, let alone 300 lbs.

It's no wonder burnout is so rampant in the security profession.

Unfortunately, the sheer volume of cyber assets isn't the only thing contributing to the chaos. The complexity of the relationships between cyber assets and their attributes is another element of a perfect storm in a rapidly changing attack surface landscape.

The 2022 State of Cyber Assets Report dives into:

  • The superclasses of cyber assets like devices, networks, applications, data, and users
  • The attributes of these cyber assets such as findings and policies
  • The relationships between the attributes and cyber assets
  • Common queries and questions about cyber assets

Top findings include:

  • The Attack Surface is Expanding: The average security team is responsible for 165,633 cyber assets, including 28,872 cloud hosts, 12,407 network interfaces, 55 applications per human employee, 59,971 data assets (including 3,027 secrets), and 35,018 user assets.
  • Alert Fatigue is Nothing New: The average security team is facing a backlog of 120,561 findings and alerts awaiting review.
  • Cloud Assets Dominate: Nearly 90 percent of device assets in the modern organization are cloud-based, meaning physical devices such as laptops, tablets, smartphones, routers, and IoT hardware represent less than 10 percent of total devices.
  • High Levels of Third-Party Risk: 91.3% of code running in the enterprise is developed by a third party, meaning that modern organizations are incredibly vulnerable to supply chain attacks.
  • Orphaned Assets are a Myth: While previously believed to be heavily isolated, users, networks, and devices are hardly ever on an island considering their rampant first-degree relationships to mission-critical data.

In the coming weeks, we'll share more highlights and learnings across the following topics:

  • The expanding attack surface
  • Outdated skills training
  • Cloud-native architecture
  • Software supply chain
  • Security blind spots

Get the full report today and sign up for our webinar highlighting the key research findings on March 28 at 11am PDT.

Lastly, here is an infographic showcasing data from the report:

[Infographic: 2022 State of Cyber Assets]

Footnote

[1] (ISC)² Cybersecurity Workforce Study 2021

Ashleigh Lee

As Senior Product Marketing Manager at JupiterOne, I love getting to the heart of what problems our customers are solving and how that ties in with the cybersecurity mission at their organizations. With over a decade of experience in B2B tech marketing, and the last 7 years in cybersecurity, I have honed my digital Swiss Army knife background into sharing customer stories that resonate and drive action.
