The State of CMS Security 2022

There are a lot of factors that go into running a successful website. High-quality content, modern technology, and a great team are a few examples. However, there’s one aspect that needs to be strong for the rest of these factors to succeed: security. Without a solid foundation of safety, all of your careful work can be compromised in the blink of an eye.

As CMSs are the core of any web presence, their security is extremely important. But how effective are they at safeguarding content and keeping threats at bay? We at Storyblok searched for the answer with our report The State of CMS Security 2022. We polled 870 respondents from 5 countries to learn how people are addressing this critical area of content management.

Section titled 80% ranked security as very or extremely important 80% ranked security as very or extremely important

It’s no secret that security is important. As such, perhaps it’s not too surprising that 80% of our respondents acknowledge this. It’s because threats like these are far more than just annoying. They can lead to lost revenue, stolen data, and a huge decrease in customer trust.

One of the reasons for this large-scale recognition likely comes from how severely the same users rate the risks of a breach: respondents rated the consequences of the average threat as 63.6 / 100. This makes it clear that most risks don’t just cause minor hiccups. They can severely affect a company’s ability to do business, thus making security a top priority.

Section titled 64.3% worry about their CMS’s security 64.3% worry about their CMS’s security

Despite how important the respondents found security to be, 64.3% of them still worried about how their CMS was supporting their safety. However, we also found a seemingly contrasting piece of data: 78.1% of users thought that CMSs took security seriously enough.

So how can a large number of people both worry about and trust their CMS’s security? It may be due to the fact that security is simply so important that it’s hard not to worry about it regardless of a system’s best efforts. On the other hand, it could also indicate a fault on the part of CMSs. They may not be adequately describing how they handle security threats. This could mean that while they advertise safety in their systems, they are not being transparent about what specific steps are being taken.

Section titled 55.5% experience security threats on a monthly (or more frequent) basis 55.5% experience security threats on a monthly (or more frequent) basis

Security threats are constantly evolving. This is reflected in the frequency with which they occur - at least 55.5% monthly for the majority of the sample, with 7.4% even stating that they experience them daily. Combined with the earlier statistic that showed the average security threat ranks as 63.6 / 100 in terms of severity, it seems that users are aware that they need to be constantly defending themselves to prevent dire consequences.

It’s not enough to build a solid system anymore. This constant stream of threats supports the fact that CMSs need to provide up-to-date technology that can proactively prevent them rather than relying on the traditional reactive model. Without security practices as the foundation, CMSs could be putting their users at significant risk.

Section titled Want to learn more? Want to learn more?

This study shows that security threats are frequent, severe, and at the top of users’ minds. Unfortunately, many also don’t feel prepared to combat them. To learn more about what else we found, including what steps users are taking to protect themselves, you can download The State of CMS Security 2022. For more information on how Storyblok provides the safest experience possible, read about our ISO 27001 certification and what it means for our users.