Report: Only 10% of orgs had higher budget for cybersecurity, despite increased threat landscape

Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.

GitLab Inc.’s Sixth Annual Global DevSecOps Survey found that cybersecurity is the top priority and investment area for devops teams this year, but most organizations aren’t actually investing more money into their security programs. Only 10% of respondents report receiving additional budget for security — surprising after a year of increased cyberthreats.

Image source: GitLab.

Another source of tension: Developer and security professionals remain at odds over ownership of security and vulnerability identification. Half of security professionals report that developers are failing to identify cybersecurity issues -– attributing 75% of vulnerabilities to developers. 

Meanwhile, 70% of teams release code continuously, once a day, or every few days, and the seemingly conflicting goals of delivery speed and security exacerbate the difficulty security and developer teams face when collaborating.

As such, it is unsurprising that cybersecurity is now the number one area of investment -– even over cloud computing. But in order for developers to focus on identifying security issues, they need the right tools. And according to the survey, the current toolchain sprawl is not helping.


MetaBeat 2022

MetaBeat will bring together thought leaders to give guidance on how metaverse technology will transform the way all industries communicate and do business on October 4 in San Francisco, CA.

Register Here

Currently, 40% of developers spend between one quarter and one half of their time maintaining or integrating complex toolchains, which is more than double the percentage in 2021. That large of an increase over just one year is notable, indicating a growing problem for developers.

Toolchain consolidation significantly reduces the time developers need to spend maintaining their tools, meaning they can focus more time on identifying security issues and increasing transparency with their security teams. Similarly, having fewer tools protects against supply chain risks and means fewer vendor risk assessments, threat models, and potentially vulnerable third-party libraries and components, plus a reduced landscape of penetration tests and security scans.

A single platform makes shifting left easier for developers and security professionals alike while providing the investment in security needed to protect against the ever-changing threat landscape.


The survey, conducted in May 2022, consisted of 5,001 respondents, including developers, operations and cybersecurity practitioners and organizational leaders worldwide. The margin of error for the total sample (n=5001) is 1.4%.

Read the full report from GitLab.

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.