Cyberstats

Security Intelligence

VendorsCyberSheath

CyberSheath

Cybersecurity reports and statistics published by CyberSheath

8 categories1 reports

Research Reports

Reports and publications from CyberSheath

From Readiness to Reality: The 2025 State of the DIB on CMMC Compliance

Recent Statistics & Reports

The estimated number of defense contractors that require Level 2 certification is 80,000.

42% of contractors have submitted SPRS scores (a fundamental requirement for demonstrating compliance).

78% of defense contractors lack patch management solutions.

CMMC Security tools Patch management

The number of organizations that currently hold final CMMC certificates is 270.

The approximate annual budget contractors are investing in compliance, as budgets have grown, is nearly $50,000.

CMMC Investment Budgets

The median SPRS score has improved from 20 in 2022’s inaugural report to 60 this year, but 17% of contractors still report negative scores, far below the required 110 benchmark.

79% of defense contractors lack vulnerability management solutions.

CMMC Security tools Vulnerability management

74% of defense contractors lack data leakage protection.

CMMC Security tools Data leakage protection

Only 1% of defense contractors report being fully prepared for the upcoming CMMC assessments.

30% of contractors completed medium or high assessments that would validate their actual security posture.

CMMC Security posture

73% of defense contractors lack multi-factor authentication (MFA).

CMMC Security tools MFA

69% of contractors claim DFARS compliance through self-assessment.

Nearly 9 in 10 defense contractors have already suffered financial, reputational, or business losses due to cyber incidents.

CMMC Cyber attack consequences

Top Categories

4

2

Patch management

1

1

1

1

Vulnerability management

Related Vendors

Rubrik Zero Labs