One in five businesses will pay a ransom for their data, finds Thales

Sebastien Cano, Senior Vice President for Cloud Protection and Licensing activities at Thales

New research from Thales has found that malware, ransomware and phishing continues to plague global organisations. In fact, one in five (21%) have experienced a ransomware attack in the last year; with 43% of those experiencing a significant impact on operations.

First seen in the late 1980’s, with the PC Cyborg Virus, the frequency of ransomware attacks has accelerated due to the rise of crypto as the preferred ransomware payment method.

The 2022 Thales Data Threat Report, conducted by 451 Research, part of S&P Global Market Intelligence, including more than 2,700 IT decision-makers worldwide, found 22% of firms admit that they have paid or would pay a ransom for their data. 41% of respondents said they had no plans to change security spending, even with greater ransomware impacts.

Less than half of respondents (48%) have implemented a formal ransomware plan. Healthcare was the most prepared at 57% with a formal ransomware plan; energy the least at 44%. Despite both sectors experiencing significant breaches over the past twelve months.

Data visibility is a challenge

As companies adopt multicloud strategies and hybrid work remains the norm, IT leaders are challenged by the sprawl of data across their firms and find it difficult to locate all of the data.

56% of IT leaders were very confident of where their data was being stored, down from 64% the previous year, and 25% stated they were able to classify all their data.

Threats and compliance challenges

In 2021, security incidents remained high, with 29% of businesses experiencing a breach in the past 12 months. 43% of IT Leaders admitted to having failed a compliance audit.

IT leaders ranked malware (56%), ransomware (53%) and phishing (40%) as the leading source of security attacks. Managing these risks is an ongoing challenge, with 45% of IT leaders reporting an increase, severity and/or scope of cyberattacks in the past 12 months.

The cloud is increasing complexity and risk

Cloud adoption is increasing with more 34% of respondents saying they used more than 50 Software as a Service (SaaS) apps and 16% used more than 100 apps. However, 51% of IT leaders agreed that it is complex to manage privacy and data protection regulations in a cloud environment than in on-premises networks within their firm, up from 46% last year.

The 2022 Data Threat Report also revealed significant momentum amongst businesses to store data in the cloud, with 32% of respondents stating that around half of their workloads and data resides in external clouds, and a quarter (23%) reporting more than 60%. 44% reported that they had experienced a breach or failed an audit in their cloud environments.

Additionally, the use of encryption to protect sensitive data is low, with 50% disclosing that more than 40% of their sensitive data has been encrypted, and a fifth (22%) stating more than 60%. Representing a significant ongoing risk for businesses.

Remote work worries

Another full year of remote working demonstrated that navigating security risks is proving a significant challenge for businesses. Worryingly, 79% are still concerned about the security risks and threats that posed by remote working. Only 55% reported to have implemented multi factor authentication (MFA), a figure unchanged from the previous year.

Threats on the horizon

The report also showed that IT leaders have significant diversity of spending technology priorities – suggesting they are serious about tackling complex threat environments.

A quarter (26%) of respondents stated that broad cloud security toolsets are the greatest future spending priority. Additionally, a similar number of IT leaders (25%) stated they were prioritising key management, with Zero Trust an important strategy for 23%.

IT leaders are also increasingly aware of the future challenges on the horizon. Looking ahead, when asked to identify security threats from quantum computing, 52% of the respondents said they were concerned with ‘tomorrow’s decryption of today’s data’, a concern that will likely be intensified by the increasing complexity of cloud environments.

Sebastien Cano, Senior Vice President for Cloud Protection and Licensing activities at Thales, comments: “As the pandemic continues to affect both our business and personal lives, any expectation of a ‘return’ to pre-pandemic conditions have faded.”

“Whilst teams have continued to face challenges in securing their data, our findings indicate that urgent action is needed by businesses to develop more robust cybersecurity strategies.”

“The asset management challenges, are only set to increase in the coming year, and it is vital that businesses deploy robust security strategy based on discovery, protection and control.”

Thales and 451 Research will discuss the findings of this Global Data Threat Report in more detail during a webinar on 31 March 2022. To join, please visit the registration page.

About the 2022 Thales Global Data Threat Report

The 2022 Thales Global Data Threat Report was based on a global 451 Research survey, fielded in January 2022, commissioned by Thales of more than 2,700 executives with responsibility for or influence over IT and data security.

Respondents were from 17 countries: Australia, Brazil, Canada, France, Germany, Hong Kong, India, Japan, Mexico, Netherlands, New Zealand, Singapore, South Korea, Sweden, the United Arab Emirates, the United Kingdom, and the United States.

Firms represented a range of industries, with a primary emphasis on healthcare, financial services, retail, technology, and federal government. Job titles ranged from C-level executives; CEO, CFO, Chief Data Officer, CISO, Chief Data Scientist, and Chief Risk Officer, to SVP/VP, IT Administrator, Security Analyst, Security Engineer, and Systems Administrator.