Security leaders were surveyed by Scale Venture Partners on recent security trends. The survey measured responses of senior cybersecurity leaders, CISOs, CIOs, VPs, directors and IT managers.

This year, security leaders shared that although the number of successful ransomware attacks and data breach attempts fell by 30% over the last year, the number of reported security incident types at organizations increased. Seventy-one percent of organizations experienced three or more types of security incidents, a 51% increase year-over-year.

Half (50%) of the organizations surveyed experienced at least one incident against a cloud service over the last 12 months. A growing number of cloud services were compromised due to an attack against a third party (43% this survey period versus 37% the year prior), which represented a 16% year-over-year increase. There was also a 58% increase in the number of firms compromised by phishing attacks that resulted in stolen employee credentials via cloud services.

Software supply chain compromise was the fourth most frequently occurring attack at 34% of firms. AI model attack or compromise incidents occurred at 20% of companies within the last 12 months. As AI/ML models become more commonplace within organizations, 49% of security leaders worried about threat actors poisoning those AI/ML models to bypass security protections.

Security leaders continued to struggle to find security professionals with the required cybersecurity skills, with 57% of firms indicating the biggest barrier to achieving their desired security posture was not enough security personnel, up significantly from 42% last year. Sixty percent of security leaders identified cloud security the most difficult role to fill on their teams. Security teams reported being overwhelmed with too many alerts and too many tools, forcing organizations to strike the right balance between budgeting to attract and retain skilled cybersecurity talent as well as deploying more effective cybersecurity solutions. More than 60% leveraged security tools with AI/ML capabilities to offset talent shortages, with 79% of security leaders believing AI/ML will be “important” or “extremely important” for improving their security posture by 2024.

Network security was named a primary cybersecurity spending priority, followed closely by identity and access management (IAM). Cloud infrastructure security rounded out the top three. Eighty-three percent of firms intend to enforce existing security policies more strictly this year to address their security challenges. Additionally, 62% reported investing in tools to automate manual security processes to identify, contain and remediate the most urgent cybersecurity threats.

Read the full report here.