The three threats were ranked in one global survey with a primary emphasis on healthcare, financial services, retail, technology, and government.

In a January 2022 survey of more than 2,700 executives with responsibility for or influence over IT and data security in 17 countries and working in organizations of 500 to 10,000 employees, a range of perspectives about data threats was found.

About one in five (21%) had experienced a ransomware attack in the last year; with 43% of those experiencing a significant impact on operations.

Some 22% of organizations in the survey indicated they had paid or would pay a ransom for their data if ransomed. Despite this, 41% of respondents indicated they had no plans to change security spending, even with greater ransomware impacts.

Other findings

Respondents were from 17 countries: Australia, Brazil, Canada, France, Germany, Hong Kong, India, Japan, Mexico, Netherlands, New Zealand, Singapore, South Korea, Sweden, the United Arab Emirates, the United Kingdom, and the United States.

Organizations in the sample represented a range of industries, with a primary emphasis on healthcare, financial services, retail, technology, and federal government. Job titles ranged from CEO; CFO; Chief Data Officer; CISO; Chief Data Scientist; and Chief Risk Officer; to SVP/VP; IT Administrator; Security Analyst; Security Engineer; and Systems Administrator.

The following findings were reported:

  • Globally, IT leaders in the survey ranked malware (56%), ransomware (53%) and phishing (40%) as the leading sources of security attacks. Also, 45% of IT leaders reported an increase in the volume, severity and/or scope of cyberattacks in the past 12 months.
  • 48% of respondents had implemented a formal ransomware plan. Healthcare was the most prepared (57%) with a formal ransomware plan; energy the least (44%).
  • 56% of IT leaders in the survey were very confident or had complete knowledge of where their data was being stored, down from 64% in a previous year’s survey. Only 25% of these leaders stated they were able to classify all their data amid adoption of multi-cloud strategies and hybrid work and the resultant data sprawl.
  • 29% of businesses in the survey experienced a breach in the past 12 months. Some 43% of IT leaders in the survey indicated they had failed a compliance audit
  • 34% of respondents indicated they used more than 50 Software-as-a-Service apps and 16% used more than 100 apps. However, 51% of IT leaders indicated that it was more complex to manage privacy and data protection regulations in a cloud environment than in on-premises networks within their organization—up from 46% in a previous year’s survey.
  • 32% of respondents indicated that around 50% of their workloads and data resided in external cloud platforms, and 23% reported more than 60%. However, 44% indicated that they had experienced a breach or failed an audit in their cloud environments.
  • 50% of respondents indicated that more than 40% of their sensitive data had been encrypted, and 22% indicated more than 60%.
  • 79% of respondents were still concerned about the security risks and threats posed by remote working. Of the IT leaders in the survey, 55% indicated having implemented multi-factor authentication, a figure unchanged from a previous year’s survey.
  • 26% of IT leaders indicated that broad cloud security toolsets were the greatest future spending priority. Additionally, 25% stated they were prioritizing key management, with 23% citing Zero Trust as an important strategy
  • Looking ahead, when asked to identify security threats from quantum computing, 52% of respondents indicated they were concerned with “tomorrow’s decryption of today’s data”, a concern that will likely be intensified by the increasing complexity of cloud environments.

Summing up, Sebastien Cano, Senior Vice President for Cloud Protection and Licensing, Thales, which commissioned the survey, said: “While teams around the world have continued to face challenges in securing their data, our findings indicate that urgent action is needed by businesses to develop more robust cybersecurity strategies. Attack surfaces, as well as asset management challenges, are only set to increase, and it is vital that businesses deploy a robust security strategy based on discovery, protection and control.”