With Cloud Service Attacks on the Rise, Only 48% of Enterprise Security Leaders Say Their Threat Defenses Are Effective

Scale Venture Partners’ 2023 Cybersecurity Perspectives Survey reflects what CISOs are up against and how tools like AI/ML fit into the mix

In the 2023 Cybersecurity Perspectives Survey from Scale Venture Partners, it is reported that security incidents, especially those involving cloud services, are escalating. At the same time, organizations are grappling with a lack of sufficient cybersecurity staff, while they increasingly lean on AI/ML tools, despite recognizing their potential risks. (Graphic: Business Wire)

FOSTER CITY, Calif.--()--Scale Venture Partners, an early-stage VC fund focused on intelligent business software for enterprise, today announced the findings of its 10th annual Cybersecurity Perspectives Survey. The survey measured responses of hundreds of senior cybersecurity leaders, CISOs, CIOs, VPs, directors and IT managers to delve into the latest security trends.

This year, security leaders shared that although the number of successful ransomware attacks and data breach attempts fell by 30% over the last year, the number of reported security incident types at organizations increased. In fact, 71% of organizations experienced three or more types of security incidents, a 51% increase year-over-year. With staff shortages persisting, security teams continue to face an uphill battle protecting their networks, particularly given how quickly the cloud landscape is evolving.

“The shift to the cloud has been a long journey and attackers are taking advantage now that employees regularly log into multiple cloud services, often from outside the traditional enterprise network perimeter,” said Ariel Tseitlin, Partner at Scale Venture Partners and an avid investor in the cloud and security industries. “Without a strong perimeter, identity becomes the most important and effective way to manage security. That’s where companies most devote resources– both human and machine. Companies are realizing this shift, as IAM has become crucial to security plans for 2024.”

Key Findings

Cloud service attacks were the most common type of incident:

  • Half (50%) of the organizations surveyed experienced at least one incident against a cloud service over the last 12 months.
  • A growing number of cloud services were compromised due to an attack against a third party (43% this survey period versus 37% the year prior), which represented a 16% year-over-year increase.
  • There was also a 58% increase in the number of firms compromised by phishing attacks that resulted in stolen employee credentials via cloud services.

Supply chain software and AI models emerge as risks:

  • Tracked for the first time this year, software supply chain compromise was the fourth most frequently occurring attack at 34% of firms.
  • In its survey debut, AI model attack or compromise incidents occurred at 20% of companies within the last 12 months, taking this category of attack out of the theoretical and into reality.
  • As AI/ML models become more commonplace within organizations, 49% of security leaders worried about threat actors poisoning those AI/ML models to bypass security protections.

Cybersecurity talent remains scarce:

  • Security leaders continued to struggle to find security professionals with the required cybersecurity skills, with 57% of firms indicating the biggest barrier to achieving their desired security posture was not enough security personnel, up significantly from 42% last year.
  • Sixty percent of security leaders identified cloud security the most difficult role to fill on their teams.
  • Security teams reported being overwhelmed with too many alerts and too many tools, forcing organizations to strike the right balance between budgeting to attract and retain skilled cybersecurity talent as well as deploying more effective cybersecurity solutions.
  • More than 60% leveraged security tools with AI /ML capabilities to offset talent shortages, with 79% of security leaders believing AI/ML will be “important” or “extremely important” for improving their security posture by 2024.

Moving Forward

To successfully safeguard systems and applications, security teams are prioritizing their next steps. The survey yielded insight into how they plan to approach security moving forward:

  • Network security was named a primary cybersecurity spending priority, followed closely by Identity and access management (IAM), which ranked #2, surging from #8 last year. Cloud infrastructure security rounded out the top three.
  • Eighty-three percent of firms intend to enforce existing security policies more strictly this year to address their security challenges.
  • Additionally, 62% reported investing in tools to automate manual security processes to identify, contain, and remediate the most urgent cybersecurity threats.

To learn more about Scale’s cloud security thesis, please visit www.scalevp.com. The 10th annual Cybersecurity Perspectives Survey can be accessed here.

About the Scale Cybersecurity Perspectives Survey

Scale Venture Partners commissioned Everclear Marketing and Osterman Research to conduct a survey of 300 security leaders in the United States who are responsible for buying decisions, the success of security deployments, or the overall security of the company. The web-based survey was fielded May 9-13, 2023, focused on the 12 months prior and 12 months upcoming, with a +/- 2.21% margin of error.

You can view Scale’s past Cybersecurity Perspectives reports here:
2023 | 2022 | 2021 | 2020 | 2019 | 2018 | 2017

About Scale Venture Partners

Scale is a Silicon Valley-based venture capital firm that invests in the future leaders of enterprise software. We were early investors in SaaS pioneers like Box, DocuSign, HubSpot, RingCentral, and Bill.com and continue that tradition with investments in transformational business software from companies like JFrog, WalkMe, CircleCI, KeepTruckin, BigID, and Lever. Our Scale Studio platform leverages an unrivaled dataset of 800+ successful startups to give founders benchmarks on their company's "Vital Signs" -- the growth and operating metrics that matter most. Learn more about our people, portfolio, and perspectives at www.scalevp.com.


Leigh Disher


Leigh Disher