Research Reveals Nearly Half of Organizations Underestimate Risk Level

Veritas Technologies, a provider of secure multi-cloud data management, recently released findings of new research that shows 45% of organizations may be miscalculating the severity of threats to their business. The study, Data Risk Management: The State of the Market—Cyber to Compliance, which polled 1,600 executives and IT practitioners across 13 global markets, provides insights into the most pressing risks, their impacts and how organizations plan to navigate them.

Despite risk factors like interest rates and inflation pressing hard on organizations, ransomware and multi-cloud complexity are also growing concerns for businesses of all kinds. However, when survey respondents were initially asked whether their organizations were currently at risk, almost half (48%) said no. But after being presented with a list of individual risk factors, respondents of all levels recognized the challenges facing their organizations, with 97% then identifying a risk to their organizations.

Notably, 15% of those surveyed did not believe their organizations could survive another 12 months given the risks they currently face. There was a disconnect, however, between the C-suite and those working in the trenches of protecting their organizations' data, which could point to a communications issue: 23% of senior executives predicted the demise of their organizations in the next year, compared to just 6% of analysts and technicians. Matt Waxman, senior vice president and general manager for data protection at Veritas, said: "The first step in addressing a problem is recognizing it's there. When the risks are laid out in black and white, it's hard to ignore the reality of today's complex business operating environment. The risks are everywhere and require constant vigilance. While an overwhelming majority of respondents ultimately acknowledged the presence of risks and most said they're taking steps to address them, the data suggests it may not be enough."

Clear and Present Danger

Given the macro landscape and daily news headlines, the survey responses are a clear reflection of the times. Participants identified data security (46%), economic uncertainty (38%) and emerging technologies, such as artificial intelligence (AI), (36%) as the top threats faced by their organizations today from among an extensive list of possible hazards. Traditional threats like competition and a shortage of talent took fourth and fifth place. Geopolitical instability fell even further down the list to seventh place.

AI is proving to be a double-edged sword for organizations. There have been numerous reports over recent months of bad actors adopting AI solutions to create more sophisticated and compelling ransomware attacks on organizations. It has additionally been recognized as a risk factor for businesses who fail to put proper guardrails in place to stop employees from breaching data privacy regulations through the inappropriate use of generative AI tools. Conversely, AI is also tipped to be one of the best solutions for businesses to fight back against hackers since its capabilities can be harnessed to automate the detection of, and response to, malicious activities.

Additionally, 87% of those surveyed admitted they had experienced a negative impact from risks, including reputational and financial harm. When asked which risks had resulted in actual damage to their organizations, data security was again highest, with 40% of respondents attesting to related damages. Economic uncertainty was the second most common risk to have affected organizations, with 36% having been hurt. Damages from competition came in third at 35% and emerging technologies, such as AI, at 33%.

The effects of data security breaches were underscored by the number of organizations who had been hit by ransomware attacks. A sizable majority (65%) said that over the past two years their organizations had been the victims of at least one successful ransomware attack in which hackers were able to infiltrate their systems. Twenty-six percent of those who experienced a successful attack said they did not report it. Breaches that caused a failure to comply with regulatory requirements cost respondents' organizations, on average, more than US$336,000 in regulatory compliance fines during the last year.

Caught in the Crosshairs

For many respondents, the level of risk is rising. More (54%) were likely to say risks to data security have increased rather than decreased (21%) over the last 12 months. Yet they may not fully appreciate their own vulnerabilities. This perception gap emerges in light of how organizations representing specific sectors assessed their risk versus how their responses were scored via a risk rating scale.

Researchers assigned each respondent a "risk ranking" score based on their answers and what these revealed about their adherence to security best practices. While the public sector ranked as the most at-risk group, just 48% of those respondents rated themselves as being at risk. Similarly, only 52% of respondents from the energy, oil/gas and utilities sector viewed themselves at risk.

Shoring Up Their Defenses, But Are they Doing Enough?

For organizations aiming to mitigate data security risks, many have increased their data protection budgets as much 30% over the last 12 months. The average data protection and security team size also grew by 21-22 staff members. Eighty-nine percent said staffing levels are now at an adequate level for keeping their organizations secure.

Along with staffing additions, organizations are exploring other ways to fortify their defenses. Despite ranking AI and emerging technologies as a top risk, 68% are looking at AI and machine learning to boost security. Given AI's dual nature as a force for both good and bad, the question going forward will be whether their organizations' AI protection can evolve ahead of hackers' AI attacks.

The research also appears to expose another chink in the armor with more than a third (38%) reporting that they have no data recovery plan in place or have only a partial plan. That presents cause for concern considering nearly half (48%) experienced data loss at least once in the past two years.

Waxman continued: "The caution is for organizations to avoid approaching their data security strategy with a false sense of confidence. The recent spate of high-profile data breaches has proven no organization is immune. If data is like gold dust, guard your treasure. Be prepared with a comprehensive cyber resiliency plan for protecting and recovering your data from edge to core to cloud. Rehearse the plan regularly and recalibrate as needed. Being forewarned is forearmed and by strengthening your data security posture, you can successfully navigate the risks."


  • Maximizing Your Security Budget This Year

    7 Ways You Can Secure a High-Traffic Commercial Security Gate  

    Your commercial security gate is one of your most powerful tools to keep thieves off your property. Without a security gate, your commercial perimeter security plan is all for nothing. Read Now

  • Survey: Only 13 Percent of Research Institutions Are Prepared for AI

    A new survey commissioned by SHI International and Dell Technologies underscores the transformative potential of artificial intelligence (AI) while exposing significant gaps in preparedness at many research institutions. Read Now

  • Survey: 70 Percent of Organizations Have Established Dedicated SaaS Security Teams

    Seventy percent of organizations have prioritized investment in SaaS security, establishing dedicated SaaS security teams, despite economic uncertainty and workforce reductions. This was a key finding in the fourth Annual SaaS Security Survey Report: 2025 CISO Plans and Priorities released today by the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment. Read Now

  • Mobile Applications Are Empowering Security Personnel

    From real-time surveillance and access control management to remote monitoring and communications, a new generation of mobile applications is empowering security personnel to protect people and places. Mobile applications for physical security systems are emerging as indispensable tools to enhance safety. They also offer many features that are reshaping how modern security professionals approach their work. Read Now

Featured Cybersecurity


New Products

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation. 3