Survey: Cybersecurity requires risk-based management approach

  • About ServiceNow
  • Trends and Research
  • Cybersecurity and Risk
  • 2022
  • Lana Gates
May 19, 2022

Cybersecurity: man sits on train bench with a tablet

We’ve entered a new era of cyber risk where cybersecurity is no longer just an IT issue, according to findings from a May 2022 ThoughtLab global survey co-sponsored by ServiceNow. Although cyberattacks and breaches are increasing, many organizations are unprepared to respond. 

The problems come down to three main areas: 

  1. Extended attack surface through partners and suppliers
  2. Cyber risk initiatives not up to date with digital transformation
  3. Budget constraints

Denial of service and phishing attacks account for the lion’s share of cyberthreats today, at 49% and 46% of attacks, respectively. In the next two years, phishing attacks will continue to be a problem, posing the highest risk for 50% of the 1,200 worldwide organizations surveyed across 14 industries. But denial of service will be less of a threat (31%) in the subsequent 24 months, surpassed by human error (44%) and ransomware (40%).

Misconfigurations across applications, systems, platforms, and servers—and neglecting to put new default settings in place—can create dangerous pathways for hackers. - Cybersecurity Solutions for a Riskier World, ThoughtLab, May 2022

The cybersecurity landscape

To counter these attacks, organizations should harden their systems to prevent cybercriminals from ever breaching them. This requires detailed attention to IT infrastructure and platforms. Although human error is the main cause of today’s largest breaches, misconfigurations will pose the biggest risk over the the next two years, according to the survey.

“Misconfigurations across applications, systems, platforms, and servers—and neglecting to put new default settings in place—can create dangerous pathways for hackers,” the report notes. 

Organizations know they need stronger security, but budget constraints prevent them from investing in cybersecurity technologies. Businesses also struggle with identifying key risks and detecting and responding to incidents. 

Despite these challenges, many organizations have succeeded in establishing governance and risk assessment. And more than half of the respondents surveyed have invested in protective technology (55%) and data security (52%). Where organizations come up short is in awareness and training. Investments in this area could help curb breaches due to human error.

Risk-based management aligns security priorities with the business and helps security leaders become more strategic in their views and outcomes. - Barbara Kay, Sr. Dir., Product Mktg., Risk, Security, ESG, ServiceNow

Bolstering security

Nearly 60% of organizations have successfully implemented cyberthreat detection processes. Yet, it takes an average 128 days to detect a breach, according to the study. To ramp up security initiatives, organizations need to move from the detection phase to continuous monitoring

Beyond that, the best way forward is through a risk-based approach involving:

  • Regular risk assessment

  • Advanced analysis

  • Enterprise-wide risk management

  • Proactive risk mitigation

"Risk-based management aligns security priorities with the business and helps security leaders become more strategic in their views and outcomes,” explains Barbara Kay, senior director of product marketing, risk, security, and ESG at ServiceNow. 

Nearly half (43%) of surveyed organizations have adopted a risk-based approach to date. 

Gain more insights in the ThoughtLab report, including 10 best practices to boost your cybersecurity performance.

© 2022 ServiceNow, Inc. All rights reserved. ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.


  • 4 ServiceNow employees who worked on support case creation and auto-agent workflows
    Now on Now
    Streamlining support case creation and administration
    When customer feedback revealed areas ripe for improvement, ServiceNow employees listened and upgraded two support workflows: case creation and auto-agent.
  • Scaled Agile Framework (SAFe): business man looking at phone while standing on bridge overlooking a city
    IT Management
    How the Scaled Agile Framework (SAFe) truly supports business
    The Scaled Agile Framework (SAFe) delivery model can help IT leaders manage the transition from a stability-focused to a continuously evolving infrastructure.
  • The role of the manager: a manager and employee in conversation on a couch
    Employee Experience
    4 ways Manager Hub simplifies the role of the manager
    As the connective tissue between an organization and its employees, the role of the manager is more complex, and more important, than ever before. Learn more.

Trends & Research

  • Total experience companies outperform: prism refraction with an arrow pointing to the right
    Employee Experience
    Survey says: Total experience-focused companies outperform
  • Customer service: smiling businessman on phone walking outdoors
    Customer Experience
    Survey: 3 tips to deliver world-class customer service
  • Enterprise SRE (site reliability engineering): where service reliability and business agility meet
    Application Development
    Service quality and the rising need for enterprise SRE