Malware stands out as the fastest-growing threat of 2024

93% of IT professionals believe security threats are increasing in volume or severity, a significant rise from 47% last year, according to Thales.

The number of enterprises experiencing ransomware attacks surged by over 27% in the past year. Despite this escalating threat, less than half of organizations have a formal ransomware plan in place, with 8% resorting to paying the ransom demands.

Human error persists as major data breach factor

Malware stands out as the fastest-growing threat of 2024, with 41% of enterprises witnessing a malware attack in the past year – closely followed by phishing and ransomware. Cloud assets, including SaaS applications, cloud-based storage, and cloud infrastructure management, remain the primary targets for such attacks.

The report shows that for a second year running, human error remains the leading cause of data breaches, with 31% of enterprises pinpointing this as the root cause.

The research found that 43% of enterprises failed a compliance audit in the past twelve months – with the report highlighting a very clear correlation between compliance and data security.

Of those that had failed a compliance audit in the past twelve months, 31% had experienced a breach that very same year. This compares to just 3% of those who had passed compliance audits.

Fundamental understanding of what systems, applications, and data are at risk continue to lag due to changing regulatory and threat landscapes. 33% of organizations are able to fully classify all of their data, with a worrying 16% stating that they classify very little or none of their data.

Operational complexity remains a barrier

While the number of respondents reporting five or more key management systems is down (53% versus 62% last year), the average number declined only slightly (from 5.6 to 5.4).

The reality of multicloud across services and changing global data privacy regulations means that data sovereignty is a leading priority for businesses, with 28% identifying mandatory external key management as the leading way to achieve sovereignty. 39% said that data residency would no longer be an issue provided that external encryption, key management, and separation of duties were implemented.

“Enterprises need to know exactly what they’re trying to protect. With global data privacy regulations continually changing, they need to have good visibility across their organization to stand any chance of staying compliant,” said Sebastien Cano, SVP at Thales Cloud Protection and Licensing.

“If there’s one key takeaway from this year’s study, it’s that compliance is key. In fact, companies that had a good hold over their compliance processes and passed all their audits were also less likely to suffer a breach. We’ll start to see more compliance and security functions coming together. This would be a huge positive step to strengthen cyber defenses and build trust with customers,” added Cano.

Looking ahead, the report also explored which emerging technologies are top-of-mind for IT and security professionals, with 57% identifying AI as a huge source of concern. This was closely followed by IoT (55%) and post quantum cryptography (45%).

That said, enterprises are also looking at the opportunities that emerging technologies bring, with 22% planning to integrate generative AI into their security products and services in the next 12 months, and 33% planning to experiment integrating the technology.