Thales Blog

Thales 2023 Data Threat Report: Sovereignty, Transformation, and Global Challenges

May 9, 2023

Todd Moore | VP Encryption Products, Thales

Despite the economic and geopolitical instability in 2022, enterprises continued to invest in their operations and digital transformation. Organizations balanced security and privacy risks with opportunities opened by new technologies and business models. The 2023 Thales Global Data Threat Report survey, conducted by S&P Global Market Intelligence with nearly 3,000 respondents across 18 countries, illustrates how decision-makers ranging from senior executive leaders to individual practitioners manage this balance.

This article highlights the key findings of the report.

We are only human

Nearly half (47%) of the survey respondents say that attacks are increasing in volume or severity, similar to numbers reported in 2021 and 2022. Of those respondents seeing an increase in attacks, 59% report increases in malware, 48% an increase in ransomware, and 43% have seen a rise in phishing attacks.

However, the reported threat sources have been changing. While malicious insiders were a top concern in previous years, simple human error, misconfiguration, or other mistakes that can accidentally lead to breaches are identified as the leading cause of cloud data breaches. 55% of respondents who experienced a recent cloud data breach said human error is the #1 root cause of cloud data breaches.

On the bright side, there is clear evidence that more positive user behaviors are emerging. While multi-factor authentication (MFA) adoption was stagnant at 55% for 2021 and 2022, in 2023, it jumped to 65%, highlighting how more stringent identification measures are gradually becoming standard practice. In broader terms, Identity and Access Management (IAM) has emerged as a top priority tool for preventing data breaches. 28% of respondents identified IAM as the leading security technology most effectively protecting sensitive data from cyberattacks.

Digital sovereignty is a strategic initiative

Although moving data benefits businesses in multiple ways, data protection and compliance in the cloud are more complex than on-premises, with the emergence of digital sovereignty adding further challenges.

Digital sovereignty represents a significant strategic opportunity for enterprises to optimize their systems and architectures while better serving stakeholders and citizens.

When investigating how companies approach the concept of data sovereignty, the research revealed that most enterprises (96%) consider designating or changing the location or jurisdiction, or full data encryption, as acceptable measures to achieve various levels of digital sovereignty.

The changing regulatory environments and geopolitics will require excellent data security responsiveness. 83% of respondents are very or somewhat concerned that data sovereignty and privacy regulations will affect their organization’s cloud deployment plans.

However, only 65% of enterprises are ‘very confident’ or have ‘complete knowledge’ of their data’s location. In addition, 20% of enterprises have consistently been unable to classify their data, and 62% of respondents have five or more encryption key management systems, increasing complexity, burden, and vulnerability.

Security outcomes continue to lag

Multiple cloud adoption is a consistent trend across all previous reports. 79% of enterprises have production workloads in more than one public cloud, a percentage significantly greater than the 57% reported in 2021.

Like the 2022 report, 81% of respondents would trust their enterprise’s systems to secure and manage their data. This confidence level remains consistent among roles ranging from security practitioners to senior finance, legal and regulatory leaders.

However, this positive perspective must be aligned with reality since 37% said they had a breach in the last 12 months. And while 22% of respondents have experienced a ransomware attack, only 49% of enterprises use or have created a formal ransomware plan.

Risk awareness is rising

Risk awareness rises together with cloud adoption. Given the shifting of sensitive data toward the cloud and the greater concentration of sensitive data in the cloud, it is not surprising that respondents identify their cloud assets as the biggest targets for cyberattacks. 28% said the top attack targets were SaaS apps and cloud-based storage.

New technologies such as 5G, edge computing, and IoT redefine how computing infrastructure is provisioned, utilized, and secured. A new finding in this year’s report is that 77% of respondents report security concerns about 5G. Protecting the identities of people and things connected to 5G networks is said to be the most significant concern, followed by the security of data moving across 5G networks.

Finally, on the recurring topic of quantum computing risks, advances in post-quantum cryptography have shifted the interest from academia to real-world business. 62% of the respondents indicate that future decryption of today’s data — or harvest now, decrypt later (HNDL) — and network decryption are their greatest security concerns regarding quantum computing.

As organizations continue their digital transformation to become further data-driven, they must collaborate better on data security, citizen privacy, and digital sovereignty initiatives to choose their destiny. Robust data security enables enterprises to adopt new technologies that may serve new markets or satisfy internal growth.
