After analyzing more than 370 million assets at nearly 1,300 organizations, JupiterOne revealed the current state of enterprise cybersecurity assets, including cloud workloads, devices, networks, applications, data and users. 

Key findings in the 2022 State of Cyber Assets Report (2022 SCAR) include:

1. The Expanding Attack Surface Puts Organizations At Risk

 As more assets are deployed into enterprise production environments, companies face an increased risk of cyberattacks that starts by exploiting unknown, unmanaged, or poorly managed internet-facing assets. The modern attack surface has grown too large and complex for security professionals to manage using traditional, manual approaches to the asset lifecycle.

2. Security Teams Have Too Many Assets to Secure

Security teams are fatigued and understaffed as they have many assets to inventory, manage and secure across a cloud-based organization. The report found that, on average, modern security teams are responsible for more than 165,000 cybersecurity assets, including cloud workloads, devices, network assets, applications, data assets, and users. With cybersecurity talent in short supply, organizations need to help their existing teams become more efficient.

3. Cloud is Huge and is Here to Stay

Nearly 90% of device assets in the modern organization are cloud-based, meaning physical devices such as laptops, tablets, smartphones, routers, and IoT hardware represent less than 10 percent of total devices. Cloud network assets outnumber physical networks by a ratio of nearly 60:1, yet an analysis of nearly 10 million security policies found that cloud-specific ones represent less than 30% of the total.

4. Understanding Asset Relationships Provides An Opportunity For Improvement

Most security teams pay little attention to the indirect relationships between users, devices, networks, and critical data. Data, including critical and sensitive information, is among the most related assets, with 105 million first-degree relationships (i.e., direct access from) to users, apps, devices, and workloads. The analysis also uncovered nearly 45 million relationships between security findings, indicating that many security backlogs contain findings identified as critical vulnerabilities or policy exceptions, which leads to the average security team being blind to some security risks, and many are under-resourced or under-skilled to fully understand the risk of potential compromises.

To help security teams gain true visibility of their cybersecurity asset landscape and relationships, organizations need to invest in cloud-native security tools that allow for automation and data-driven decision-making.

To access more findings, please visit