What Key Insights Does Splunk’s State of Security Report Reveal for Modern Security Teams?

Published on
September 28, 2025

Splunk’s inaugural State of Security Report compiles insights from 535 security leaders worldwide, offering a snapshot of today’s threat landscape and emerging priorities.

What is the Splunk State of Security Report and why does it matter?

The report aggregates responses from over 500 security executives, providing data‑driven benchmarks that help organizations gauge their own risk posture. By highlighting prevalent attack vectors and technology adoption rates, it serves as a roadmap for prioritizing investments. The findings are especially valuable for teams looking to align their strategies with industry‑wide trends.

How many security leaders contributed to the report?

Splunk surveyed 535 senior security professionals from a variety of sectors and regions. This broad sample ensures the results reflect a diverse set of challenges and approaches. The depth of the survey makes the data reliable for strategic planning.

What percentage of organizations experienced a major security incident recently?

According to the study, 84 % of respondents reported at least one significant security incident in the past two years. Email compromise topped the list, accounting for 42 % of incidents, followed by phishing scams at 33 %. These numbers underscore the continued relevance of email‑centric defenses.

Which attack vectors were most common?

Email compromise and phishing remain the leading entry points for attackers. The report also notes a rising concern about supply‑chain style attacks similar to SolarWinds, with 78 % of respondents fearing future incidents. However, only 23 % have revisited their mitigation strategies for such threats.

How concerned are organizations about supply‑chain attacks like SolarWinds?

While the majority anticipate more sophisticated supply‑chain attacks, a small fraction have actually updated their defenses. This gap highlights an opportunity for security teams to proactively address third‑party risk, especially through email authentication standards.

What role does machine learning play in today’s security plans?

Machine learning is rapidly being adopted, with 88 % of respondents either deploying or planning to deploy ML‑based security tools. These technologies help automate detection, reduce false positives, and accelerate response times. Integrating ML into a modern SOC can free analysts to focus on higher‑value investigations.

Which security priorities topped the list for respondents?

Cloud security emerged as the top priority for 41 % of participants, while identity management was highlighted by 12 %. Interestingly, email protection did not appear as a primary focus, despite its prevalence as an attack vector.

What are the top recommendations for modernizing a Security Operations Center?

Splunk advises organizations to adopt a zero‑trust mindset, automate routine tasks, and upgrade to modern SIEM platforms. Equally important is ongoing staff training and awareness programs to keep teams sharp. These steps collectively improve detection speed and reduce the impact of breaches.

Why is a consolidated data view critical for security teams?

A single source of truth eliminates data silos, enabling faster correlation of events across clouds, endpoints, and networks. Consolidation also simplifies compliance reporting and audit trails. Teams that centralize their telemetry can respond to incidents more efficiently.

How should organizations address supply‑chain and identity threats?

Implementing strict identity policies, continuous monitoring, and lateral‑movement detection are key defenses. Regularly vet third‑party vendors for DMARC compliance—starting with a p=none policy and progressing to stricter settings. Palisade can generate a detailed DMARC posture report for your supply chain.

What basic components should an email security program include?

A robust email security strategy consists of inbound protection (spam filtering, malware scanning), outbound protection (preventing data leaks), security awareness training for users, and continuously evolving best practices. Combining these layers reduces the likelihood of successful phishing or business‑email‑compromise attacks.

How can you verify a vendor’s DMARC posture?

Use Palisade’s free email security score to assess a vendor’s DMARC configuration. Start by ensuring they have a DMARC record with a “p=none” policy, then encourage stricter enforcement over time. Monitoring DMARC alignment helps protect both your organization and its partners.

Where can I get a free email security score from Palisade?

Visit Palisade’s Email Security Score page to run an instant assessment of your domain’s authentication health, including DMARC, DKIM, and SPF. The tool provides actionable recommendations to improve your email defenses.

How does BIMI improve brand trust in email?

Brand Indicators for Message Identification (BIMI) displays a verified logo next to authenticated emails, boosting recipient confidence. Palisade offers a simple BIMI setup guide to help you get started. A visible brand logo can increase open rates and reduce phishing success.

What steps should I take to start improving my organization’s email security?

Begin with a baseline assessment using Palisade’s email security score. Implement DMARC with a “p=none” policy, then move to “quarantine” and eventually “reject” as you refine alignment. Ensure DKIM signing and SPF records are correctly configured, and consider adding BIMI for brand reinforcement. Finally, educate users through regular security awareness training.

Quick Takeaways

  • 84 % of organizations faced a major incident in the last two years, with email compromise leading.
  • 78 % worry about SolarWinds‑style supply‑chain attacks, yet only 23 % have updated defenses.
  • 88 % are adopting machine‑learning‑driven security tools.
  • Cloud security is the top priority, but email protection remains under‑emphasized.
  • Modernizing the SOC requires zero‑trust, automation, and continuous staff training.
  • Consolidated data views enable faster detection and response.
  • Start with DMARC “p=none”, then progress to stricter policies using Palisade’s tools.

FAQs

  1. What is the primary focus of Splunk’s State of Security Report? The report provides a data‑driven overview of current threat trends, technology adoption, and strategic recommendations from over 500 security leaders.
  2. Why is email compromise still the leading attack vector? Email remains a universal communication channel, making it an attractive entry point for phishing, credential theft, and business‑email‑compromise schemes.
  3. How can I quickly assess my organization’s email authentication? Use Palisade’s free Email Security Score to evaluate DMARC, DKIM, and SPF settings.
  4. What is BIMI and should I implement it? BIMI adds a verified brand logo to authenticated emails, increasing trust and engagement. Palisade can guide you through setup.
  5. What’s the first step toward a stronger SOC? Adopt zero‑trust principles, automate repetitive tasks with modern SIEM solutions, and invest in ongoing security awareness training for your analysts.
Published on
September 29, 2025
Author
Samuel Chenard - Founder & CEO
Email Performance Score
Improve results with AI- no technical skills required

Related articles

Latest insights and expert advice

Why is DMARC Vital for the Banking Industry?

How Do Gmail’s New Blue Verified Checkmarks Impact BIMI Adoption?

What Are the Top Email Security Tips for Small Businesses?

All posts

What Key Insights Does Splunk’s State of Security Report Reveal for Modern Security Teams?

Published on
September 29, 2025
Table of Contents
This is also a heading
This is a heading
Contributors
No items found.
Subscribe to our newsletter
Read about our privacy policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Splunk’s inaugural State of Security Report compiles insights from 535 security leaders worldwide, offering a snapshot of today’s threat landscape and emerging priorities.

What is the Splunk State of Security Report and why does it matter?

The report aggregates responses from over 500 security executives, providing data‑driven benchmarks that help organizations gauge their own risk posture. By highlighting prevalent attack vectors and technology adoption rates, it serves as a roadmap for prioritizing investments. The findings are especially valuable for teams looking to align their strategies with industry‑wide trends.

How many security leaders contributed to the report?

Splunk surveyed 535 senior security professionals from a variety of sectors and regions. This broad sample ensures the results reflect a diverse set of challenges and approaches. The depth of the survey makes the data reliable for strategic planning.

What percentage of organizations experienced a major security incident recently?

According to the study, 84 % of respondents reported at least one significant security incident in the past two years. Email compromise topped the list, accounting for 42 % of incidents, followed by phishing scams at 33 %. These numbers underscore the continued relevance of email‑centric defenses.

Which attack vectors were most common?

Email compromise and phishing remain the leading entry points for attackers. The report also notes a rising concern about supply‑chain style attacks similar to SolarWinds, with 78 % of respondents fearing future incidents. However, only 23 % have revisited their mitigation strategies for such threats.

How concerned are organizations about supply‑chain attacks like SolarWinds?

While the majority anticipate more sophisticated supply‑chain attacks, a small fraction have actually updated their defenses. This gap highlights an opportunity for security teams to proactively address third‑party risk, especially through email authentication standards.

What role does machine learning play in today’s security plans?

Machine learning is rapidly being adopted, with 88 % of respondents either deploying or planning to deploy ML‑based security tools. These technologies help automate detection, reduce false positives, and accelerate response times. Integrating ML into a modern SOC can free analysts to focus on higher‑value investigations.

Which security priorities topped the list for respondents?

Cloud security emerged as the top priority for 41 % of participants, while identity management was highlighted by 12 %. Interestingly, email protection did not appear as a primary focus, despite its prevalence as an attack vector.

What are the top recommendations for modernizing a Security Operations Center?

Splunk advises organizations to adopt a zero‑trust mindset, automate routine tasks, and upgrade to modern SIEM platforms. Equally important is ongoing staff training and awareness programs to keep teams sharp. These steps collectively improve detection speed and reduce the impact of breaches.

Why is a consolidated data view critical for security teams?

A single source of truth eliminates data silos, enabling faster correlation of events across clouds, endpoints, and networks. Consolidation also simplifies compliance reporting and audit trails. Teams that centralize their telemetry can respond to incidents more efficiently.

How should organizations address supply‑chain and identity threats?

Implementing strict identity policies, continuous monitoring, and lateral‑movement detection are key defenses. Regularly vet third‑party vendors for DMARC compliance—starting with a p=none policy and progressing to stricter settings. Palisade can generate a detailed DMARC posture report for your supply chain.

What basic components should an email security program include?

A robust email security strategy consists of inbound protection (spam filtering, malware scanning), outbound protection (preventing data leaks), security awareness training for users, and continuously evolving best practices. Combining these layers reduces the likelihood of successful phishing or business‑email‑compromise attacks.

How can you verify a vendor’s DMARC posture?

Use Palisade’s free email security score to assess a vendor’s DMARC configuration. Start by ensuring they have a DMARC record with a “p=none” policy, then encourage stricter enforcement over time. Monitoring DMARC alignment helps protect both your organization and its partners.

Where can I get a free email security score from Palisade?

Visit Palisade’s Email Security Score page to run an instant assessment of your domain’s authentication health, including DMARC, DKIM, and SPF. The tool provides actionable recommendations to improve your email defenses.

How does BIMI improve brand trust in email?

Brand Indicators for Message Identification (BIMI) displays a verified logo next to authenticated emails, boosting recipient confidence. Palisade offers a simple BIMI setup guide to help you get started. A visible brand logo can increase open rates and reduce phishing success.

What steps should I take to start improving my organization’s email security?

Begin with a baseline assessment using Palisade’s email security score. Implement DMARC with a “p=none” policy, then move to “quarantine” and eventually “reject” as you refine alignment. Ensure DKIM signing and SPF records are correctly configured, and consider adding BIMI for brand reinforcement. Finally, educate users through regular security awareness training.

Quick Takeaways

  • 84 % of organizations faced a major incident in the last two years, with email compromise leading.
  • 78 % worry about SolarWinds‑style supply‑chain attacks, yet only 23 % have updated defenses.
  • 88 % are adopting machine‑learning‑driven security tools.
  • Cloud security is the top priority, but email protection remains under‑emphasized.
  • Modernizing the SOC requires zero‑trust, automation, and continuous staff training.
  • Consolidated data views enable faster detection and response.
  • Start with DMARC “p=none”, then progress to stricter policies using Palisade’s tools.

FAQs

  1. What is the primary focus of Splunk’s State of Security Report? The report provides a data‑driven overview of current threat trends, technology adoption, and strategic recommendations from over 500 security leaders.
  2. Why is email compromise still the leading attack vector? Email remains a universal communication channel, making it an attractive entry point for phishing, credential theft, and business‑email‑compromise schemes.
  3. How can I quickly assess my organization’s email authentication? Use Palisade’s free Email Security Score to evaluate DMARC, DKIM, and SPF settings.
  4. What is BIMI and should I implement it? BIMI adds a verified brand logo to authenticated emails, increasing trust and engagement. Palisade can guide you through setup.
  5. What’s the first step toward a stronger SOC? Adopt zero‑trust principles, automate repetitive tasks with modern SIEM solutions, and invest in ongoing security awareness training for your analysts.