The Global Data Protection Index sheds light on pressing concerns around cyber attacks
The latest Global Data Protection Index (GDPI) reinforces the importance of staying the course when it comes to protecting data in today’s digitally transformed world. Navigating the complex terrain of data protection remains a formidable challenge and demands a steadfast commitment to understanding all the risks that can threaten an organization’s data.
Concern over cyber threats continues to grow and remains at the top of the list for causes of organizational disruption with 52% of respondents reporting a cyberattack that prevented access to data within the past 12 months. This is the highest percentage in over 5 years. The monetary impact to organizations is considerable with costs more than doubling over our last report to $1.4 million on average. The Global Data Protection Index surveyed 1,500 IT and IT security decision makers with 25 percent of APJ respondents from a wide range of public and private industries in September and October 2023 across the globe.
This concern is well founded as 75% of organizations surveyed are worried that their existing data protection measures are unable to cope with ransomware threats. 69% are not very confident that they could reliably recover in the event of a destructive cyberattack. Yet despite these perspectives, most organizations (59%) invest more in cyber prevention than cyber recovery. The balance between prevention and recovery needs to be carefully thought through considering the reality that successful attacks are on the rise. Another recurring red flag is that 81% of organizations believe that the rise in remote workers, fueled by the pandemic and still prevalent today, has increased their exposure to data loss from a cyberattack. This sentiment is also up from 70% in our last research findings.
New insights were also uncovered regarding the use and effectiveness of insurance policies to help mitigate an organization's financial exposure. While 93% of organizations cited the use of ransomware insurance policies, they noted that several conditions could limit coverage. For example, 57% responded that proof of best practices for cyberthreat prevention was required, 40% indicated some scenarios would void the policy and 40% pointed to the fact payments to some entities may be restricted by law.
In the end, 85% of organisations had to pay to access their data. So, while insurance policies can be a valid component of a cyber security strategy, organizations must understand their limitations.
In response to these growing threats, organizations are not sitting still when it comes to fortifying their cyber resiliency. Several trends indicate that organizations are becoming more proactive with 50% bringing in professional services to bolster resources, 49% conducting regular cyber recovery testing and 42% having deployed a cyber vault with physical and logical separation from production data.
For the first time, the GDPI probed into the impact of generative AI on both the cyber threat landscape and future data protection requirements. 52% believe that generative AI will provide an advantage to their organization's cyber security posture but 88% also agree generative AI is likely to generate large volumes of new data and increase the value of certain data types which will need to be considered when mapping out their future data protection strategies.
As organisations increasingly turn to public cloud solutions, implement hybrid working models, and experiment with generative AI, the criticality of data protection is more evident than ever. Yet, securing and safeguarding digital assets is becoming a more complex challenge for many. In a landscape continuously threatened by cyberattacks, businesses need to chart a path and stay the course. As someone once said, it’s a marathon, not a sprint.
(The writer is an expert on cyber security and provides data protection solutions; views are personal)
