Veritas Technologies, the leader in secure multi-cloud data management, today released findings of new research that shows 45% of global organisations may be miscalculating the severity of threats to their business.
The global study, Data Risk Management: The State of the Market—Cyber to Compliance, which polled 1,600 executives and IT practitioners across 13 global markets, provides insights into the most pressing risks, their impacts and how organisations plan to navigate them.
Despite risk factors like interest rates and inflation pressing hard on organisations, ransomware and multi-cloud complexity are also growing concerns for businesses of all kinds. However, when survey respondents were initially asked whether their organisations were currently at risk, almost half (48%) said no. But, after being presented with a list of individual risk factors, respondents of all levels recognised the challenges facing their organisations with 97% then identifying a risk to their organisation.
Given the macro landscape, survey responses are a clear reflection of the times. Global participants identified data security (46%), economic uncertainty (38%) and emerging technologies, such as AI (36%), as the top threats faced by their organisations today, from among an extensive list of possible hazards. Traditional threats like competition and a shortage of talent took fourth and fifth place.
AI is proving to be a double-edged sword for organisations. There have been numerous reports over recent months of bad actors adopting AI solutions to create more sophisticated and compelling ransomware attacks on businesses.
It has additionally been recognised as a risk factor for businesses who fail to put proper guardrails in place to stop employees from breaching data privacy regulations through the inappropriate use of generative AI tools. Conversely, AI is also tipped to be one of the best solutions for businesses to fight back against hackers, since its capabilities can be harnessed to automate the detection of, and response to, malicious activities.
In the UK, 82% of respondents admitted they had experienced a negative impact from risks, including reputational and financial harm. When asked which risks had resulted in actual damage to their organisations, data security ranked as one of the highest, with 33% of respondents attesting to related damages.
The effects of data security breaches were underscored by the number of UK organisations which have been hit by ransomware attacks. Half (51%) said that, over the past two years, their organisation had been the victim of at least one successful ransomware attack in which hackers were able to infiltrate their systems. Meanwhile, seven in ten (70%) believe data security risks have increased over the last 12 months.
UK businesses are fighting back though, as on average, data protection spending has increased by a third across all on-premises, private and public cloud environments over the past 12 months. The average UK company has also hired 21 new staff members across their data protection and security teams in the last 12 months, and 79% said staffing levels are now at an adequate level for keeping their organisation secure.
Barry Cashman, regional vice president, UKI, at Veritas Technologies stated: “UK businesses are facing a tsunami of risks. But it’s clear that strategic investment in technology and talent is offering some shelter from the storm. In addition to technical enhancement and talent acquisition, instilling a culture of tackling risks head-on – from new joiners to the C-suite – can help to ensure growth is met with resilience.”
For many respondents globally, the level of risk is rising. More (54%) were likely to say risks across the board have increased rather than decreased (21%) over the last 12 months. Yet, they may not fully appreciate their own vulnerabilities. This perception gap emerges in light of how organisations representing specific sectors assessed their risk, versus how their responses were scored via a risk rating scale.
Researchers assigned each respondent a “risk ranking” score based on their answers and what these revealed about their adherence to security best practices. While the public sector ranked as the most at-risk group globally, just 48% of those respondents rated themselves as being at risk. Similarly, only 52% of respondents from the energy, oil/gas and utilities sector viewed themselves at risk.
Along with staffing additions and increased data protection spending, organisations are exploring other ways to fortify their defences. Despite ranking AI and emerging technologies as a top risk, 68% are looking at AI and machine learning to boost security. Given AI’s dual nature as a force for both good and bad, the question going forward will be whether their organisations’ AI protection can evolve ahead of hackers’ AI attacks.
The research also appears to expose another chink in the armour with more than a third (38%) reporting that they have no data recovery plan in place or have only a partial plan. That presents cause for concern considering nearly half (48%) experienced data loss at least once in the past two years.
Cashman added, “As risk levels continue to rise with the evolving threat landscape, businesses must avoid being lulled into a false sense of security. The daily headlines around high-profile data breaches serve as a stark reminder that no business is exempt from such threats. Preparation is the key to resilience, and bolstering data security measures can help businesses navigate the challenges that lay ahead.”