With fewer resources and staff, it’s difficult to construct and maintain security teams, properly vet potential tools, and consistently monitor complex computing environments. Nearly one in three companies with fewer than 50 employees conducts no security audit when purchasing software. Together, these figures demonstrate that many security risks are not being addressed, at least not as quickly as they should be. Without these initiatives in a mature state, companies are risking exposure from an enormous, unmonitored attack surface. So while there has been progress over the past few years, it appears some of the urgency to update security systems is waning.

Fifty-six percent of respondents said they have used software tools that have not been approved or vetted for security by their IT or infosec team, commonly referred to as shadow IT. This is especially true for small businesses. This trend appears more present in North American markets (62%) and slightly less in the EMEA (54%) and APAC (48%) markets. North American businesses prefer to purchase software with a credit card (56%). APAC and EMEA respondents had the smallest percentage of software purchased with a credit card (40% and 41% respectively). It appears APAC markets are ahead in terms of avoiding shadow IT, if only slightly.

Attack surfaces aren’t expanding solely because of unsafe procurement practices. In addition to the rapidly growing number of remote workers across the world, it’s becoming easier to use unapproved and insecure software without knowing.

2022 G2 Software Buyer Behavior Report