RSA Survey: Ransomware Takes Back Seat to Cloud Security as Biggest Concern

An RSA Conference USA survey shows cloud security – not ransomware – is more worrisome this year.

Delinea conducted the survey, polling over 100 cybersecurity professionals at the San Francisco conference. It asked attendees about their top concerns for cybersecurity in 2022. It also asked where they stand when it comes to cyber insurance and cyber hygiene practices.

The RSA survey found cloud security (37%) is the main cybersecurity concern in 2022, more than ransomware (19%) and remote workers (17%).

Joseph Carson is Delinea‘s chief security scientist and advisory CISO. He said this finding is surprising.

Delinea’s Joseph Carson

“I think we expected both to be in top three, but ransomware has dominated conversations and headlines over the past few years,” he said. “This could be a sign that organizations have been focused on ransomware so much recently that they feel like they may have bolstered that sufficiently to now pivot focus to cloud security.”

Another Surprising Finding

Four in five (80%) respondents at RSA claim their organization hasn’t been breached in the past 12 months. This positive response may be due to the increased cyber hygiene practiced amongst employees. For example, 59% of respondents claim to not use the same password on multiple accounts. Moreover, nearly two-thirds said they use multifactor authentication (MFA) whenever available.

Carson said this finding also was surprising.

“The respondents are from cybersecurity vendors and are not experiencing successful breaches, or they are out of touch with reality,” he said.

When asked about incident response readiness, cyber insurance factored prominently with 41% of respondents saying their organization has or is strongly considering arming themselves with cyber insurance.

“One challenge will likely be the growing demand for cyber insurance and the strict requirements to actually become insured,” Carson said. “Cyber insurance companies have a huge list of cybersecurity qualifications companies need to satisfy to even be considered for a policy, and often requires surpassing just the check boxes. Most companies may find they cannot satisfy the strict criteria to qualify, or get an affordable option.”

It’s encouraging to see most respondents using MFA, he said.

“This shows that MFA has become easier to use and less burdensome to the user, and they understand it’s importance as an additional verification and protective step,” Carson said. “Likewise, it’s very encouraging that almost 60% of respondents say they do not use the same password for multiple accounts. This likely indicates that more people are using password managers and generally have better password hygiene.”