Research Reveals Nearly Half of Organizations Underestimate Risk Level

  • Oct 20, 2023

Veritas Technologies, a provider of secure multi-cloud data management, recently released findings of new research that shows 45% of organizations may be miscalculating the severity of threats to their business. The study, Data Risk Management: The State of the Market—Cyber to Compliance, which polled 1,600 executives and IT practitioners across 13 global markets, provides insights into the most pressing risks, their impacts and how organizations plan to navigate them.

Despite risk factors like interest rates and inflation pressing hard on organizations, ransomware and multi-cloud complexity are also growing concerns for businesses of all kinds. However, when survey respondents were initially asked whether their organizations were currently at risk, almost half (48%) said no. But after being presented with a list of individual risk factors, respondents of all levels recognized the challenges facing their organizations, with 97% then identifying a risk to their organizations.

Notably, 15% of those surveyed did not believe their organizations could survive another 12 months given the risks they currently face. There was a disconnect, however, between the C-suite and those working in the trenches of protecting their organizations' data, which could point to a communications issue: 23% of senior executives predicted the demise of their organizations in the next year, compared to just 6% of analysts and technicians. Matt Waxman, senior vice president and general manager for data protection at Veritas, said: "The first step in addressing a problem is recognizing it's there. When the risks are laid out in black and white, it's hard to ignore the reality of today's complex business operating environment. The risks are everywhere and require constant vigilance. While an overwhelming majority of respondents ultimately acknowledged the presence of risks and most said they're taking steps to address them, the data suggests it may not be enough."

Clear and Present Danger

Given the macro landscape and daily news headlines, the survey responses are a clear reflection of the times. Participants identified data security (46%), economic uncertainty (38%) and emerging technologies, such as artificial intelligence (AI), (36%) as the top threats faced by their organizations today from among an extensive list of possible hazards. Traditional threats like competition and a shortage of talent took fourth and fifth place. Geopolitical instability fell even further down the list to seventh place.

AI is proving to be a double-edged sword for organizations. There have been numerous reports over recent months of bad actors adopting AI solutions to create more sophisticated and compelling ransomware attacks on organizations. It has additionally been recognized as a risk factor for businesses who fail to put proper guardrails in place to stop employees from breaching data privacy regulations through the inappropriate use of generative AI tools. Conversely, AI is also tipped to be one of the best solutions for businesses to fight back against hackers since its capabilities can be harnessed to automate the detection of, and response to, malicious activities.

Additionally, 87% of those surveyed admitted they had experienced a negative impact from risks, including reputational and financial harm. When asked which risks had resulted in actual damage to their organizations, data security was again highest, with 40% of respondents attesting to related damages. Economic uncertainty was the second most common risk to have affected organizations, with 36% having been hurt. Damages from competition came in third at 35% and emerging technologies, such as AI, at 33%.

The effects of data security breaches were underscored by the number of organizations who had been hit by ransomware attacks. A sizable majority (65%) said that over the past two years their organizations had been the victims of at least one successful ransomware attack in which hackers were able to infiltrate their systems. Twenty-six percent of those who experienced a successful attack said they did not report it. Breaches that caused a failure to comply with regulatory requirements cost respondents' organizations, on average, more than US$336,000 in regulatory compliance fines during the last year.

Caught in the Crosshairs

For many respondents, the level of risk is rising. More (54%) were likely to say risks to data security have increased rather than decreased (21%) over the last 12 months. Yet they may not fully appreciate their own vulnerabilities. This perception gap emerges in light of how organizations representing specific sectors assessed their risk versus how their responses were scored via a risk rating scale.

Researchers assigned each respondent a "risk ranking" score based on their answers and what these revealed about their adherence to security best practices. While the public sector ranked as the most at-risk group, just 48% of those respondents rated themselves as being at risk. Similarly, only 52% of respondents from the energy, oil/gas and utilities sector viewed themselves at risk.

Shoring Up Their Defenses, But Are they Doing Enough?

For organizations aiming to mitigate data security risks, many have increased their data protection budgets as much 30% over the last 12 months. The average data protection and security team size also grew by 21-22 staff members. Eighty-nine percent said staffing levels are now at an adequate level for keeping their organizations secure.

Along with staffing additions, organizations are exploring other ways to fortify their defenses. Despite ranking AI and emerging technologies as a top risk, 68% are looking at AI and machine learning to boost security. Given AI's dual nature as a force for both good and bad, the question going forward will be whether their organizations' AI protection can evolve ahead of hackers' AI attacks.

The research also appears to expose another chink in the armor with more than a third (38%) reporting that they have no data recovery plan in place or have only a partial plan. That presents cause for concern considering nearly half (48%) experienced data loss at least once in the past two years.

Waxman continued: "The caution is for organizations to avoid approaching their data security strategy with a false sense of confidence. The recent spate of high-profile data breaches has proven no organization is immune. If data is like gold dust, guard your treasure. Be prepared with a comprehensive cyber resiliency plan for protecting and recovering your data from edge to core to cloud. Rehearse the plan regularly and recalibrate as needed. Being forewarned is forearmed and by strengthening your data security posture, you can successfully navigate the risks."

Featured

  • Accelerating a Pathway

    There is a new trend touting the transformational qualities of AI’s ability to deliver actionable data and predictive analysis that in many instances, seems to be a bit of an overpromise. The reality is that very few solutions in the cyber-physical security (CPS) space live up to this high expectation with the one exception being the new generation of Physical Identity and Access Management (PIAM) software – herein recategorized as PIAM+. Read Now

  • Protecting Your Zones

    It is game day. You can feel the crowd’s energy. In the parking lot. At the gate. In the stadium. On the concourse. Fans are eager to party. Food and merchandise vendors ready themselves for the rush. Read Now

  • Street Smarts

    The ongoing acceptance of AI and advanced data analytics has allowed surveillance camera technology to shift from being a tactical tool to a strategic business solution. Combining traditional surveillance technology with AI-based data-driven insights can streamline transportation systems, enhance traffic management, improve situational awareness, optimize resource allocation and streamline emergency response procedures. Read Now

  • The Progress of Biometrics

  • Next-Gen AI for Smart Cities

    The future of smart city technology is not being shaped in Silicon Valley — it is taking root in Dubuque, Iowa. With a population of about 60,000, this mid-sized city has become a live testbed for AI-driven traffic management thanks to a unique public-private collaboration led by Milestone Systems. Project Hafnia demonstrates how cities can transform urban mobility and safety through Responsible Technology—without costly infrastructure overhauls. Read Now

Most   Popular

New Products

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.