Press release

The 2022 Cybersecurity Spending Survey Results Are In: Cybersecurity Budgets Are Increasing, Third-Party Risk Is The Top Risk Factor

In August 2022, UpGuard, the third-party risk and attack surface management platform, published the results of their 2022 Cybersecurity Spending Survey. UpGuard asked industry leaders worldwide how their organization’s cybersecurity budgets have adapted to the rapidly changing cyber landscape and constant economic fluctuations.

The anonymous survey covered topics including, but not limited to, which areas organizations were prioritizing their spending, which threat vectors were the most concerning, company and IT team sizes, and the overall confidence they had in their organization’s security posture.

The five main takeaways from the survey were:

  1. 72% of respondents anticipated their organization’s cybersecurity budget increasing over the next 3 years. Of the businesses that project expanded cybersecurity spending in their budgets, they predicted an average increase in budget of 70% over the next three years. Of that group, 28% predict at least a 100% increase in their company’s cybersecurity budget.
  2. 73% of organizations that responded reported cybersecurity budgets of over $100k, while about one-third of the respondents had cybersecurity budgets totaling over $500k.
  3. Despite larger company sizes (over 40% of the survey results had company sizes of over 1,000 people), 82% of respondents employed cybersecurity teams with 10 or fewer people, which could speak to the labor shortages and difficulty hiring cybersecurity professionals in this market. 
  4. When asked to rank the most concerning threat vectors in the future, third-party risk topped the list with over 70% viewing it as a major risk factor.

    The top 3 most concerning threat vectors were:

    - Third-party risk
    - Unsecured networks
    - Cloud hacking
  1. When asked to rate the strength of their company’s security posture, we found that non- UpGuard customers had just a rating of 3.1 out of 5. Comparatively, UpGuard customers had much more confidence in their organization’s security posture, with an average rating of 3.9 out of 5.

    Many responses with lower confidence scores mentioned that they had just discovered the need for cybersecurity, as awareness of their own vulnerabilities and attack vectors was still maturing. Only 26% of non-customers rated their company’s security posture as at least a 4 out of 5, while over 80% of UpGuard customers scored themselves a 4 or better.

"In a threat landscape where cyber attacks occur daily, it’s great to see businesses prioritizing budget for their cybersecurity tech stack,” said Kaushik Sen, Chief Marketing Officer at UpGuard. "It’s also gratifying to see that our customers have more confidence in their security posture, which is a testament to the value our product provides to them."

The full report is available for download at:

About UpGuard

UpGuard helps businesses manage cybersecurity risk. UpGuard’s integrated risk platform combines third-party risk management, security questionnaires, and threat intelligence capabilities to give businesses a full and comprehensive view of their attack surface.

Deliver icon

Sign up for our newsletter

Stay up-to-date on everything UpGuard with our monthly newsletter, full of product updates, company highlights, free cybersecurity resources, and more.

UpGuard blog

Learn about the latest issues in cybersecurity.
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

See UpGuard In Action

Book a free, personalized onboarding call with one of our cybersecurity experts.
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Website Security scan resultsWebsite Security scan rating