Annual poll: single biggest security threat of the year

What will be the single biggest security threat of 2022?

Our annual poll to find out what security professionals think the single biggest security threat of the year will be.


Our annual survey to find the biggest security threat of the year is back. As in previous years, we asked security professionals a simple question: what will be the single biggest enterprise security threat of 2022? Responses varied from a single sentence to multiple paragraphs, and naturally, many individuals highlighted problems related to their own industry or solution. Some respondents offered more than one response; where possible, these have been split by theme.

Ransomware cited as biggest threat

Ransomware is security professionals' single biggest concern this year—up from second place last year and fourth place in 2020. But as many of our experts point out, ransomware has evolved, with concern now focused on targeted ransomware, ransomware-as-a-service, and 'double extortion'. CEO and Co-Founder of Cybereason Lior Div explains: “Ransomware as a threat is already established and well known… The risk that doesn’t get enough attention, and that defenders need to understand, is that ransomware has evolved. It started out as a variant of traditional malware—just a different way for threat actors to make a profit when compromising a target. What we see today is not that simple. We now have ransomware cartels—like REvil, Conti, DarkSide, and others—and ransomware is not a piece of malware, but rather comprehensive ransomware operations, or RansomOps, where the execution of the ransomware itself is just the final piece of a much longer attack chain.”

Supply chain concerns continue

The SolarWinds hack in 2020 put the supply chain top of mind for many security professionals, so it was unsurprising that it was cited as the third biggest threat in last year’s survey. This year, supply chain threats are in second place, with a number of experts expecting threat actors to target specific industries or organisations – such as a major cloud provider.
