Security Compass Releases Report: 2022 Application Security in the Mid-Market

Amidst budget, time, and skills constraints, study finds mid-market companies are looking to automation and integration to speed up security and compliance processes

TORONTO – May 23, 2022 –  Security Compass, a leading cybersecurity solution provider, today published the results of a new research report, “2022 Application Security in the Mid-Market”. The study was designed to provide a comprehensive look at the current state of application security and security maturity in the mid-market, including the challenges and opportunities growing companies face when trying to scale their secure development efforts.

Mid-market organizations face a variety of challenges when implementing DevSecOps within their organizations. Facing obstacles such as budget constraints, navigating legal and regulatory requirements, lack of organizational agility, and weak skill sets, companies are looking to automation and integration tools to speed up their security and compliance processes. According to the 2022 Application Security in the Mid-Market report, proactive application security, JITT and automation can provide significant benefits to organizations and demonstrates how organizations can increase their overall efficiency, without sacrificing security in the process.

Key takeaways from the report include:

  • Over 90% of mid-market companies use internal consultants in the development and documentation of application security requirements. Nearly two-thirds (62%) of those using external consultants spend over $250,000 a year on these services.
  • 96% of mid-market companies would be interested in a solution that automates proactive security and compliance processes; 90% of companies still don’t invest in toolsets for tracking, despite their benefits, and are instead using manual spreadsheets.
  • Mid-market companies could benefit from tools integration: 66% employ five to nine tools in their software development pipeline, with another 23% using upwards of 10 tools.
  • 35% of mid-market companies deliver secure coding practices through Google Docs and 24% do so over email. These methods are prone to error and are also at risk of not being up to date with security regulations and standards.
  • 39% of respondents reported that their teams spent anywhere from seven to 13 days each year researching and maintaining knowledge of the latest cybersecurity standards and regulations, and 27% of respondents spent upwards of 14 days annually.

“There is a consensus among mid-market companies that tracking inherited security compliance can speed up the software development life cycle, yet the majority of these companies still rely on manual spreadsheets for their tracking,” said Trevor Young, Chief Product Officer, Security Compass. “We were surprised to learn through this study that developers at nearly half of the participating companies only spend 3-4 days per year focused on learning new secure coding practices or refreshing their general best practices. Our hope is that this report will shed light on the benefits of automation and ways to address the challenges of scaling security and compliance processes.”

For more information, and to view the full 2022 Application Security in the Mid-Market research report. For more information about Security Compass, please visit

About the Survey
Security Compass commissioned Golfdale Consulting to conduct this survey research project. The survey was conducted in March 2022 and was based on 150 respondents from the US (85%) and Canada (15%). Respondents that were surveyed came from companies that ranged from $100 million to $1 billion in size, and produce their own software. Of these individuals, 80% were from the tech industry and 85% were employed as managers or above. All respondents must have had, or been included in, the process of building an application security program.

About Security Compass
Security Compass, a pioneer in application security, enables organizations to shift left and build secure applications by design, integrated directly with existing DevSecOps tools and workflows. Its flagship product, SD Elements, helps organizations accelerate software time to market and reduce cyber risks by taking an automated, developer-centric approach to threat modeling, secure development, and compliance. Security Compass is the trusted solution provider to leading financial and technology organizations, the U.S. Department of Defense, government agencies, and renowned global brands across multiple industries. For more information, please visit

Media Contacts
Henry Ruff
LaunchTech Communications
[email protected]