Information Services Group (ISG) released a report on cybersecurity practices of security leaders. The report finds that the U.S. security landscape changed significantly in 2022, with breaches declining in number but increasing in size and the federal government tightening compliance rules.

Small and medium businesses, often linked to large enterprises through supply chains, are now recognizing their exposure to threats and investing in managed security services. Digital maturity, more than size, determines how U.S. companies approach cybersecurity, ISG says.

Many chief information security officers (CISOs) are now trying to derive more value from existing investments, the report says. Among other things, enterprises are investing in risk assessments, outsourcing more services and seeking integrated solutions such as security service edge (SSE) and extended detection and response (XDR). As C-level executives become more aware of the need for cyber resilience, security investments have expanded beyond detection and response to include rapid recovery and business continuity.

As attackers increasingly target specific industries, such as healthcare, utilities, automotive and education, organizations are looking for cybersecurity solutions that align better with threats, attack vectors and regulations in their own sectors, the report says.

The report also explores other U.S. cybersecurity trends, including the impact of remote and hybrid work and the growing adoption of zero-trust security frameworks and secure access service edge (SASE).

Read the full report here.