Second annual State of Cyber Assets Report reveals growth in cyber asset value and scale

The second annual State of Cyber Assets Report (SCAR) is now available, closely analyzing the cyber assets and security findings from small, mid, and enterprise organizations using JupiterOne.

Not only does the SCAR offer insights into these data points, but it also provides a valuable comparison to last year’s inaugural report. If you aren’t already familiar with the inaugural report, it was, as far as we’re aware, the first report to analyze cyber assets, asset categories, and security teams as closely as it did.

Each report contains valuable insights and analysis to help technology and security leaders understand their cyber asset landscape and attack surface better. As part of our commitment to making unified cyber insights a central part of your cybersecurity program, it’s our hope the SCAR will help security teams develop more effective security approaches thanks to a greater understanding of what they are tasked to protect. 

The volume of cyber assets is growing

This should come as no surprise to anyone who works in technology, or really in any area of business. The number of cyber assets is growing. In the 2023 SCAR, we found that the average security team is responsible for 393,419 cyber assets, a 133% increase over 165,000 in 2022.

Let’s stop for a moment to think about that. For inspiration, I looked back on my colleague Ashleigh’s blog announcing the SCAR last year, where she equated each cyber asset to a drop of water. It’s a colorful visualization and it serves to underscore the volume of cyber assets and the pressure this volume puts on security teams. 

What about the financial value (and pressure) of cyber assets? To follow Ashleigh’s use of analogies, let’s turn our eyes to the sky.

Cyber assets are valuable

The average number of cyber assets (393,419) is very close to the average distance between the earth and moon (382,500 kilometers). Given that it took the Apollo astronauts three days to fly there, that’s a hefty number, but it doesn’t tell the whole story.

The 2023 State of Cyber Assets Report calculates the mean value of each cyber asset to its organization, a simple equation: Total Number of Assets / Market Capitalization. The first part of that equation, the average number of cyber assets referenced previously, is 393,419 per organization. We used a cross-section of publicly available records to come up with the best estimate for the average market capitalization number. This value, $17,711, demonstrates that cyber assets are worth the effort to understand, prioritize, and protect.

Going back to our moon analogy, the first Apollo landing mission, Apollo 11, cost $355m in 1969. Adjusted for inflation to today’s value, that mission cost NASA roughly $3,700 per kilometer, round trip. Every cyber asset is worth nearly $14,000 more than a kilometer of flight to the moon.

To quote virtually everyone on social media who gets excited about a spike in any cryptocurrency’s value, “To the moon!” indeed.

Other interesting findings in the SCAR

The State of Cyber Assets Report is the culmination of deep analysis into some seriously large numbers. The findings in the report will hopefully give security leaders and practitioners some ‘a-ha!’ moments and offer perspective on their own security practices and methodology.

Here are just a few notable findings from the report:

  • Visibility across data sources. The average security team correlates data from 8.67 different security data sources. While more data might be construed as better or a sign of a mature security posture, that isn’t necessarily the case, and these teams are likely depending on more than just the attributed security data sources found during our research.
  • DATA and DEVICES top vulnerable superclasses. By far the most vulnerable of the superclasses, DATA and DEVICES collectively represent 96.35% of all unresolved security findings analyzed in the SCAR.
  • Multiple cloud accounts. On average, security teams at small organizations have over 171 AWS, GCP, and Azure accounts (including projects and subscriptions) to secure. Large organizations, on average, must secure 225 accounts across these services, and mid-sized organizations have over 559 cloud accounts to secure.

Over the coming weeks, we’ll welcome several members of our team to comment on specific findings from the 2023 State of Cyber Assets Report here on the blog. We’ll also be holding a webinar about the report on Wednesday, April 19 at 1PM EDT. Register today to reserve your seat and get access to the on-demand recording!

In the meantime, be sure to download your copy of the 2023 SCAR, and hopefully we’ll talk to you on April 19!

Corey Tomlinson

Corey is a Senior Content Marketing Manager at JupiterOne. Since 2005, he's combined his interest and experience in technology, including working on the insider threat and digital forensics frontlines, with an array of storytelling and content creation skills.
