Cybersecurity statistics about cmmc
Showing 1-20 of 24 results
The estimated number of defense contractors that require Level 2 certification is 80,000.
42% of contractors have submitted SPRS scores (a fundamental requirement for demonstrating compliance).
78% of defense contractors lack patch management solutions.
The number of organizations that currently hold final CMMC certificates is 270.
The approximate annual budget contractors are investing in compliance, as budgets have grown, is nearly $50,000.
The median SPRS score has improved from 20 in 2022’s inaugural report to 60 this year, but 17% of contractors still report negative scores, far below the required 110 benchmark.
79% of defense contractors lack vulnerability management solutions.
74% of defense contractors lack data leakage protection.
Only 1% of defense contractors report being fully prepared for the upcoming CMMC assessments.
30% of contractors completed medium or high assessments that would validate their actual security posture.
73% of defense contractors lack multi-factor authentication (MFA).
69% of contractors claim DFARS compliance through self-assessment.
Nearly 9 in 10 defense contractors have already suffered financial, reputational, or business losses due to cyber incidents.
11% of organizations actively pursuing CMMC 2.0 certification are in Europe.
51% of all organizations actively pursuing CMMC 2.0 certification managing international data flows report increased complexity in policy development and control implementation.
Only 38% of organizations over 20,000 employees actively pursuing CMMC 2.0 certification achieve top-tier encryption (76-100% coverage).
59% of mid-market firms (5,000-9,999 employees) actively pursuing CMMC 2.0 certification achieve top-tier encryption (76-100% coverage).
Vendor compliance ranks as the second-highest challenge for the organizations actively pursuing CMMC 2.0 certification (scoring 73 out of 100).
39% of organizations actively pursuing CMMC 2.0 certification cite vendor compliance as a top concern. This is 7 percentage points higher than non-CMMC organizations.
Only 22% of organizations actively pursuing CMMC 2.0 certification implement contractual security requirements with suppliers. This is below the 27% industry average.