
79% of organizations identify threat modeling as a top priority in 2021


Security Compass has released the results of a report designed to provide a better understanding of the current state of threat modeling in mid-size ($100 million to $999 million) and large ($1 billion+) enterprises, with a focus on the challenges of evolving threat modeling for the applications they build and deploy.

People directly involved in threat modeling efforts within their organizations provided insight into their company’s approach as well as gaps and vulnerabilities.

The most pressing issue uncovered by the study was the increasing priority given to threat modeling for business-created applications, coinciding with the belief that most or all of these efforts could be automated. Traditional threat modeling practices are historically slow and hamper an organization’s goals of getting applications to market quickly.

Additionally, more than half of those surveyed reported problems when trying to integrate this essential process into their existing technologies. These gaps have contributed to the conclusion that less than half of organizations feel highly prepared for critical cybersecurity threats.

There is a clear need for more scalability and automation in threat modeling to balance rapid software development with secure software development.

Current performance of threat modeling approaches

  • Only 25% of survey respondents indicated that their organization performs threat modeling during the early stages of collecting and designing software development requirements, before proceeding with application development.
  • Less than 10% say their organizations perform threat modeling on 90% or more of the applications they develop. Most often, organizations test between 50% and 74% of their applications.

Lack of automation

  • Over 60% of organizations believe that all aspects of their organization’s threat modeling could be fully automated, but only 28% have reached this threshold.
  • More than half of organizations face challenges automating and integrating their threat modeling activities with other technologies, with 41% of respondents saying it takes too long.

Impact of COVID-19 and vulnerability of the supply chain

  • Over 80% of organizations have had to make moderate to significant changes to their approach to cybersecurity in the wake of COVID-19.
  • Supply chains can be particularly vulnerable, with over 84% of organizations reporting that they have made cybersecurity changes due to the vulnerability of the supply chain. However, 31% of companies model threats on less than half of the applications they develop in their supply chain.

“Software is used in almost every aspect of daily life, so it is essential that organizations are equipped with the resources to perform timely threat modeling on the applications they develop and deploy,” said Rohit Sethi, CEO of Security Compass. “Threat modeling ensures that vulnerabilities are recognized and remedied before they become a problem.”