New Veritas Research Reveals Nearly Half of Organizations Underestimate Their Level of Risk

Top risks include data security, economic uncertainty and emerging technologies such as AI

SINGAPORE, Oct. 18, 2023 /PRNewswire/ — Veritas Technologies, the leader in secure multi-cloud data management, today released findings of new research that shows 45% of organizations may be miscalculating the severity of threats to their business. The study, Data Risk Management: The State of the Market—Cyber to Compliance, which polled 1,600 executives and IT practitioners across 13 global markets, provides insights into the most pressing risks, their impacts and how organizations plan to navigate them.

Despite risk factors like interest rates and inflation pressing hard on organizations, ransomware and multi-cloud complexity are also growing concerns for businesses of all kinds. However, when survey respondents were initially asked whether their organizations were currently at risk, almost half (48%) said no. But after being presented with a list of individual risk factors, respondents of all levels recognized the challenges facing their organizations, with 97% then identifying a risk to their organizations.

Notably, 15% of those surveyed did not believe their organizations could survive another 12 months given the risks they currently face. There was a disconnect, however, between the C-suite and those working in the trenches of protecting their organizations’ data, which could point to a communications issue: 23% of senior executives predicted the demise of their organizations in the next year, compared to just 6% of analysts and technicians.

Matt Waxman, senior vice president and general manager for data protection at Veritas, said: “The first step in addressing a problem is recognizing it’s there. When the risks are laid out in black and white, it’s hard to ignore the reality of today’s complex business operating environment. The risks are everywhere and require constant vigilance. While an overwhelming majority of respondents ultimately acknowledged the presence of risks and most said they’re taking steps to address them, the data suggests it may not be enough.”

Clear and present danger

Given the macro landscape and daily news headlines, the survey responses are a clear reflection of the times. Participants identified data security (46%), economic uncertainty (38%) and emerging technologies, such as artificial intelligence (AI), (36%) as the top threats faced by their organizations today from among an extensive list of possible hazards. Traditional threats like competition and a shortage of talent took fourth and fifth place. Geopolitical instability fell even further down the list to seventh place.

AI is proving to be a double-edged sword for organizations. There have been numerous reports over recent months of bad actors adopting AI solutions to create more sophisticated and compelling ransomware attacks on organizations. It has additionally been recognized as a risk factor for businesses who fail to put proper guardrails in place to stop employees from breaching data privacy regulations through the inappropriate use of generative AI tools. Conversely, AI is also tipped to be one of the best solutions for businesses to fight back against hackers since its capabilities can be harnessed to automate the detection of, and response to, malicious activities.

Additionally, 87% of those surveyed admitted they had experienced a negative impact from risks, including reputational and financial harm. When asked which risks had resulted in actual damage to their organizations, data security was again highest, with 40% of respondents attesting to related damages. Economic uncertainty was the second most common risk to have affected organizations, with 36% having been hurt. Damages from competition came in third at 35% and emerging technologies, such as AI, at 33%.

The effects of data security breaches were underscored by the number of organizations who had been hit by ransomware attacks. A sizable majority (65%) said that over the past two years their organizations had been the victims of at least one successful ransomware attack in which hackers were able to infiltrate their systems. Twenty-six percent of those who experienced a successful attack said they did not report it. Breaches that caused a failure to comply with regulatory requirements cost respondents’ organizations, on average, more than US$336,000 in regulatory compliance fines during the last year.

Caught in the crosshairs 

For many respondents, the level of risk is rising. More (54%) were likely to say risks to data security have increased rather than decreased (21%) over the last 12 months. Yet they may not fully appreciate their own vulnerabilities. This perception gap emerges in light of how organizations representing specific sectors assessed their risk versus how their responses were scored via a risk rating scale.

Researchers assigned each respondent a “risk ranking” score based on their answers and what these revealed about their adherence to security best practices. While the public sector ranked as the most at-risk group, just 48% of those respondents rated themselves as being at risk. Similarly, only 52% of respondents from the energy, oil/gas and utilities sector viewed themselves at risk.

Most at-risk sectors

Most at-risk countries/regions

1

Public sector

1

UK

2

Energy, oil/gas and utilities

2

France

3

Media, leisure and entertainment

3

China

4

Construction and property

4

Singapore

5

Manufacturing and production

5

Japan

6

IT, technology and telecom

6

US

7

Business and professional services

7

Australia

8

Financial services

8

Nordics

9

Healthcare

9

DACH

10

Biopharma

10

India

Shoring up their defenses, but are they doing enough?

For organizations aiming to mitigate data security risks, many have increased their data protection budgets as much 30% over the last 12 months. The average data protection and security team size also grew by 21-22 staff members. Eighty-nine percent said staffing levels are now at an adequate level for keeping their organizations secure.

Along with staffing additions, organizations are exploring other ways to fortify their defenses. Despite ranking AI and emerging technologies as a top risk, 68% are looking at AI and machine learning to boost security. Given AI’s dual nature as a force for both good and bad, the question going forward will be whether their organizations’ AI protection can evolve ahead of hackers’ AI attacks.

The research also appears to expose another chink in the armor with more than a third (38%) reporting that they have no data recovery plan in place or have only a partial plan. That presents cause for concern considering nearly half (48%) experienced data loss at least once in the past two years.

Waxman continued: “The caution is for organizations to avoid approaching their data security strategy with a false sense of confidence. The recent spate of high-profile data breaches has proven no organization is immune. If data is like gold dust, guard your treasure. Be prepared with a comprehensive cyber resiliency plan for protecting and recovering your data from edge to core to cloud. Rehearse the plan regularly and recalibrate as needed. Being forewarned is forearmed and by strengthening your data security posture, you can successfully navigate the risks.”

For more survey findings, download the report: Data Risk Management: The State of the Market—Cyber to Compliance.

Research methodology

Veritas commissioned Vanson Bourne to survey 1,600 respondents in August and September 2023 across Australia, Brazil, China, the DACH region, France, India, Japan, the Nordics, Singapore, South Korea, the United Arab Emirates, the United Kingdom and the United States. Respondents held executive or practitioner level positions in organizations of at least 1,000 employees from any sector.

About Veritas

Veritas Technologies is the leader in secure multi-cloud data management. Over 80,000 customers—including 91% of the Fortune 100—rely on Veritas to help ensure the protection, recoverability and compliance of their data. Veritas has a reputation for reliability at scale, which delivers the resilience its customers need against the disruptions threatened by cyberattacks, like ransomware. No other vendor is able to match Veritas’ ability to execute, with support for 800+ data sources, 100+ operating systems and 1,400+ storage targets through a single, unified approach. Powered by Cloud Scale Technology, Veritas is delivering today on its strategy for Autonomous Data Management that reduces operational overhead while delivering greater value. Learn more at veritas.com. Follow us on X at @veritastechllc

Veritas and the Veritas Logo are trademarks or registered trademarks of Veritas Technologies LLC or its affiliates in the US and other countries. Other names may be trademarks of their respective owners.