An annual report highlights the latest threats, trends and emerging topics in data security. It is based on a survey of almost 3.000 (262 in Germany) IT and security experts in 18 countries and 37 industries.
This year's report found that 93% of IT professionals believe security threats are increasing in scope or severity, a significant increase from 47% last year. The number of companies affected by ransomware attacks increased by over 27% last year (32% in Germany). Despite this escalating threat, less than half of companies have a formal ransomware plan in place, with 8% (11% in Germany) of companies willing to pay the requested ransom.
Malware is the fastest growing threat in 2024: 41% (40% in Germany) of companies fell victim to a malware attack last year - closely followed by phishing and ransomware. Cloud resources, including SaaS applications, cloud-based storage and cloud infrastructure management, remain the primary targets for such attacks.
Human error
The report shows that human error is the leading cause of data breaches for the second year in a row, with 31% (31% in Germany) of companies citing this as the primary cause. These findings come from the 2024 Thales Data Threat Report conducted by 451 Research. The report sheds light on how organizations are adapting their data security strategies and practices in response to the changing threat landscape.
The research found that more than two-fifths (43%, 51% in Germany) of companies have failed a compliance audit in the last twelve months, with the report showing a clear link between compliance and data security.
Operational complexity causes data problems
Fundamental understanding of which systems, applications and data are at risk continues to lag due to changing regulations and threats. Only a third (33%, 35% in Germany) of companies are able to fully classify all their data. Furthermore, it is worrying that 16% (14% in Germany) say they classify very little or none of their data.
Operational complexity remains an obstacle. While the number of respondents reporting five or more key management systems has decreased (59% versus 67% last year), the average number has only decreased slightly (from 5,6% to 5,4%, 6,2% in Germany). The issue of data sovereignty is a top priority for companies because services are used across multiple clouds and global data protection regulations are changing. 14 percent (11% in Germany) of respondents stated that mandatory external key management is the most important means of achieving data sovereignty. 39% (41% in Germany) said data residency is no longer a problem as long as external encryption, key management and separation of duties are introduced.
Compliance is crucial
“Companies need to know exactly what they are trying to protect. With ever-changing global data protection regulations, they need to have a good overview of their entire organization to have any chance of being compliant,” said Sebastien Cano, senior vice president of cloud protection and licensing at Thales.
“One of the key findings from this year’s study is that compliance is critical. Companies that had a good handle on their compliance processes and passed all audits also had a lower risk of falling victim to a breach. It can be assumed that compliance and security functions will increasingly converge. This would represent a major positive step towards strengthening cyber defenses and building trust with customers,” added Cano.
Threat and opportunity
Looking ahead, the report also examined which emerging technologies are most important to IT and security professionals. 57 percent of those surveyed said that artificial intelligence (AI) was a major concern for them. This is closely followed by IoT (55%) and post-quantum cryptography (45%). 20 percent plan to integrate generative AI into their security products and services in the next 35 months, and a third (XNUMX%) plan to experiment with integrating this technology.
More at Thales.com
About Thales
Thales) is a global leader in cutting-edge technologies in three areas: defense and security, aerospace and digital identity and security. The company develops products and solutions that help make the world safer, greener and more inclusive. The group invests almost four billion euros annually in research and development, particularly in key areas such as quantum technologies, edge computing, 6G and cybersecurity.