Research Reveals Nearly Half of Organizations Underestimate Risk Level

Veritas Technologies, a provider of secure multi-cloud data management, recently released findings of new research that shows 45% of organizations may be miscalculating the severity of threats to their business. The study, Data Risk Management: The State of the Market—Cyber to Compliance, which polled 1,600 executives and IT practitioners across 13 global markets, provides insights into the most pressing risks, their impacts and how organizations plan to navigate them.

Despite risk factors like interest rates and inflation pressing hard on organizations, ransomware and multi-cloud complexity are also growing concerns for businesses of all kinds. However, when survey respondents were initially asked whether their organizations were currently at risk, almost half (48%) said no. But after being presented with a list of individual risk factors, respondents of all levels recognized the challenges facing their organizations, with 97% then identifying a risk to their organizations.

Notably, 15% of those surveyed did not believe their organizations could survive another 12 months given the risks they currently face. There was a disconnect, however, between the C-suite and those working in the trenches of protecting their organizations' data, which could point to a communications issue: 23% of senior executives predicted the demise of their organizations in the next year, compared to just 6% of analysts and technicians. Matt Waxman, senior vice president and general manager for data protection at Veritas, said: "The first step in addressing a problem is recognizing it's there. When the risks are laid out in black and white, it's hard to ignore the reality of today's complex business operating environment. The risks are everywhere and require constant vigilance. While an overwhelming majority of respondents ultimately acknowledged the presence of risks and most said they're taking steps to address them, the data suggests it may not be enough."

Clear and Present Danger

Given the macro landscape and daily news headlines, the survey responses are a clear reflection of the times. Participants identified data security (46%), economic uncertainty (38%) and emerging technologies, such as artificial intelligence (AI), (36%) as the top threats faced by their organizations today from among an extensive list of possible hazards. Traditional threats like competition and a shortage of talent took fourth and fifth place. Geopolitical instability fell even further down the list to seventh place.

AI is proving to be a double-edged sword for organizations. There have been numerous reports over recent months of bad actors adopting AI solutions to create more sophisticated and compelling ransomware attacks on organizations. It has additionally been recognized as a risk factor for businesses who fail to put proper guardrails in place to stop employees from breaching data privacy regulations through the inappropriate use of generative AI tools. Conversely, AI is also tipped to be one of the best solutions for businesses to fight back against hackers since its capabilities can be harnessed to automate the detection of, and response to, malicious activities.

Additionally, 87% of those surveyed admitted they had experienced a negative impact from risks, including reputational and financial harm. When asked which risks had resulted in actual damage to their organizations, data security was again highest, with 40% of respondents attesting to related damages. Economic uncertainty was the second most common risk to have affected organizations, with 36% having been hurt. Damages from competition came in third at 35% and emerging technologies, such as AI, at 33%.

The effects of data security breaches were underscored by the number of organizations who had been hit by ransomware attacks. A sizable majority (65%) said that over the past two years their organizations had been the victims of at least one successful ransomware attack in which hackers were able to infiltrate their systems. Twenty-six percent of those who experienced a successful attack said they did not report it. Breaches that caused a failure to comply with regulatory requirements cost respondents' organizations, on average, more than US$336,000 in regulatory compliance fines during the last year.

Caught in the Crosshairs

For many respondents, the level of risk is rising. More (54%) were likely to say risks to data security have increased rather than decreased (21%) over the last 12 months. Yet they may not fully appreciate their own vulnerabilities. This perception gap emerges in light of how organizations representing specific sectors assessed their risk versus how their responses were scored via a risk rating scale.

Researchers assigned each respondent a "risk ranking" score based on their answers and what these revealed about their adherence to security best practices. While the public sector ranked as the most at-risk group, just 48% of those respondents rated themselves as being at risk. Similarly, only 52% of respondents from the energy, oil/gas and utilities sector viewed themselves at risk.

Shoring Up Their Defenses, But Are they Doing Enough?

For organizations aiming to mitigate data security risks, many have increased their data protection budgets as much 30% over the last 12 months. The average data protection and security team size also grew by 21-22 staff members. Eighty-nine percent said staffing levels are now at an adequate level for keeping their organizations secure.

Along with staffing additions, organizations are exploring other ways to fortify their defenses. Despite ranking AI and emerging technologies as a top risk, 68% are looking at AI and machine learning to boost security. Given AI's dual nature as a force for both good and bad, the question going forward will be whether their organizations' AI protection can evolve ahead of hackers' AI attacks.

The research also appears to expose another chink in the armor with more than a third (38%) reporting that they have no data recovery plan in place or have only a partial plan. That presents cause for concern considering nearly half (48%) experienced data loss at least once in the past two years.

Waxman continued: "The caution is for organizations to avoid approaching their data security strategy with a false sense of confidence. The recent spate of high-profile data breaches has proven no organization is immune. If data is like gold dust, guard your treasure. Be prepared with a comprehensive cyber resiliency plan for protecting and recovering your data from edge to core to cloud. Rehearse the plan regularly and recalibrate as needed. Being forewarned is forearmed and by strengthening your data security posture, you can successfully navigate the risks."

Featured

  • Maximizing Your Security Budget This Year

    Perimeter Security Standards for Multi-Site Businesses

    When you run or own a business that has multiple locations, it is important to set clear perimeter security standards. By doing this, it allows you to assess and mitigate any potential threats or risks at each site or location efficiently and effectively. Read Now

  • Getting in Someone’s Face

    There was a time, not so long ago, when the tradeshow industry must have thought COVID-19 might wipe out face-to-face meetings. It sure seemed that way about three years ago. Read Now

    • Industry Events
    • ISC West
  • Live From ISC West 2024: Post-Show Recap

    ISC West 2024 is complete. And from start to finish, the entire conference was a huge success with almost 30,000 people in attendance. Read Now

    • Industry Events
    • ISC West
  • ISC West 2024 is a Rousing Success

    The 2024 ISC West security tradeshow marked a pivotal moment in the industry, showcasing cutting-edge technology and innovative solutions to address evolving security challenges. Exhibitors left the event with a profound sense of satisfaction, as they witnessed a high level of engagement from attendees and forged valuable connections with potential clients and partners. Read Now

    • Industry Events
    • ISC West

Featured Cybersecurity

Webinars

New Products

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation. 3

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3