According to new research by Storyblok, nearly a third (32%) of the world’s largest business websites suffer a security and/or data breach every single week due to their content management systems (CMS). 


Storyblok surveyed more than 500 professionals who personally use a CMS in the United States, U.K., Germany, Sweden and the Netherlands. The survey revealed the following security insights:


  • 69% of U.K. professionals worry about the security of their CMS, compared to a 64.3% global average 
  • 80% said security is extremely important or very important to them when choosing a CMS 
  • 32% said their CMS has new security issues at least once a week, for 7% of which it is a daily occurrence 
  • 46.4% had a CMS security issue affect their content 
  • 21.7% conduct security updates 5-9 times per month


CMS security problems spell out disaster and come at a high cost for enterprises. According to Forrester, “Losing data in a SaaS application because of insufficient data protection is every CISO’s and compliance officer’s nightmare. Mitigation costs can exceed $3 million to $3.5 million per incident — and that’s a conservative estimate.”


Because CMS are software suites that enable site administrators to easily manage websites’ design, functionality, and operations with minimal technical expertise, CMS are increasingly used by cyberattackers to carry out cyberattacks, such as distributed denial-of-service attacks, according to the U.S. Cybersecurity and Infrastructure Agency (CISA). 


Website administrators and security teams should generally strive to follow security practices — often made available by community efforts such as the Open Web Application Security Project (OWASP).