New research from Thales has found that malware, ransomware, and phishing continue to plague global organizations. In fact, one in five respondents globally (21%) have experienced a ransomware attack, with 43% of those experiencing a significant impact on operations. Twenty-two percent of respondents worldwide said they have paid or would pay a ransom for their data. Within the U.S., 24% of respondents said they have paid or would pay.
The report noted some improvement in companies’ abilities to prevent breaches, but there remains a lot of work to be done. This year, 52% of surveyed respondents identified a breach in their operational history, and 35% of those experienced a breach in the last 12 months, compared to 56% and 41%, respectively, last year.
The accelerated move to the cloud is also causing more complexity and risk. According to the report, 34% of organizations are using more than 50 SaaS applications. However, 51% of respondents said it is more complex to manage privacy and data protection regulations in a cloud environment than in on-premises networks. In addition, only 22% of respondents said they have more than 60% of their sensitive data encrypted in the cloud.
Despite another year of adjustment, security professionals overall continue to be uneasy about the security of remote workers. Seventy-nine of respondents expressed some level of concern about the security risks/threats of remote working.
IT leaders are also increasingly aware of the future challenges on the horizon. Looking ahead, when asked to identify security threats from quantum computing, 52% said they were concerned with ‘tomorrow’s decryption of today’s data,’ a concern that will likely be intensified by the increasing complexity of cloud environments.
The 2022 Thales Global Data Threat Report was based on a global 451 Research survey, fielded in January 2022 and commissioned by Thales, of more than 2,700 executives with responsibility for or influence over IT and data security. In the U.S., Thales surveyed 511 IT decision makers. Organizations represented a range of industries, with a primary emphasis on healthcare, financial services, retail, technology, and federal government. Job titles ranged from C-level executives (including CEO, CFO, chief data officer, CISO, chief data scientist, and chief risk officer) to senior vice president and vice president, IT administrator, security analyst, security engineer, and systems administrator. Respondents represented a broad range of organizational sizes, with the majority ranging from 500 to 10,000 employees.