2024 Thales Data Threat Report Ranks Ransomware Attacks as Top Threat in India, as Compliance Failings Leave Businesses Vulnerable to Breaches
- 11% of respondents accepted that they fell victim to a ransomware attack in the last year in India, with 10% paying the ransom
- Misconfiguration/ human error identified as the top cause of data breaches in India and across the world for the second year in a row
- 43% of respondents failed a compliance audit last year globally, with those companies 10x more likely to suffer a data breach
Thales today announced the release of the 2024 Thales Data Threat Report, its annual report on the latest data security threats, trends, and emerging topics based on a survey of nearly 3000 IT and security professionals in 18 countries across 37 industries. This year’s report found that 93% of IT professionals globally believe security threats are increasing in volume or severity, a significant rise from 47% last year.
Threats continue to increase in volume and severity
The findings of the report indicate that 11% of respondents experienced ransomware attacks in India in the past year. Despite ransomware ranked as topmost growing threat by the respondents in the country, only 20% of have a formal ransomware plan in place, with 10% resorting to paying the ransom demands.
Ransomware and malware stand out as the fastest-growing threat of 2024, with 42% of respondents ranking them as topmost fastest growing type of threat. Cloud assets, including SaaS applications, cloud-based storage, and cloud infrastructure management, remain the primary targets for such attacks.
The report shows that for a second year running, human error remains the leading cause of data breaches, with 34% of enterprises pinpointing this as the root cause.
These insights are drawn from the 2024 Thales Data Threat Report, conducted by 451 Research. The report sheds light on how businesses are adapting their data security strategies and practices in response to an evolving threat landscape.
Compliance is the key to data security
The research found that 40% of respondents in India failed a compliance audit in the past twelve months – with the report highlighting a very clear correlation between compliance and data security.
19% of respondents had experienced a breach that very same year.
Operational complexity continues to cause data headaches
Fundamental understanding of what systems, applications, and data are at risk continue to lag due to changing regulatory and threat landscapes. Only a third (31%) of Indian organisations are able to fully classify all of their data, with a worrying 20% stating that they classify very little or none of their data.
Operational complexity remains a barrier globally. While the number of respondents reporting five or more key management systems is down (53% versus 62% last year), the average number declined only slightly (from 5.6 to 5.4).
Worldwide, the reality of multicloud across services and changing global data privacy regulations means that data sovereignty is a leading priority for businesses, with 28% identifying mandatory external key management as the leading way to achieve sovereignty. 39% said that data residency would no longer be an issue provided that external encryption, key management, and separation of duties were implemented.
“Enterprises need to know exactly what they’re trying to protect. With data privacy regulations continually changing in India and across the world, enterprises need to have good visibility across their organisation to stand any chance of staying compliant,” said Ashish Saraf, VP and Country Director, Thales in India.
“If there’s one key takeaway from this year’s study, it’s that compliance is key. In fact, respondents that had a good hold over their compliance processes and passed all their audits were also less likely to suffer a breach. As India continues to progress in the technological landscape, we’ll start to see more compliance and security functions coming together. This would be a huge positive step to strengthen cyber defenses and build trust with customers,” he added.
Emerging technology poses both threats and opportunities
Looking ahead, the report also explored which emerging technologies are top-of-mind for IT and security professionals, with 57% identifying Artificial Intelligence (AI) as a huge source of concern globally. This was closely followed by IoT (55%) and Post Quantum Cryptography (45%).
That said, worldwide enterprises are also looking at the opportunities that emerging technologies bring, with over a fifth (22%) planning to integrate Generative AI into their security products and services in the next 12 months, and a third (33%) planning to experiment integrating the technology.
For more information please join our webinar with S&P Global on April 16, 2024 hosted by Eric Hanselman, Chief Analyst and Justin Lam, Research Analyst.
About the 2024 Thales Global Data Threat Report
The 2024 Data Threat Report (DTR) analyses how core security practices have changed in response to or in anticipation of changing threats. This report also offers perspectives on what organisations can do to leverage data assets to expand opportunities to make their businesses more agile and build trust with their customers. This research was based on a global survey of 2,961 respondents fielded via web survey with targeted populations for each country, aimed at professionals in security and IT management. In addition to criteria about level of knowledge on the general topic of the survey, the screening criteria for the survey excluded those respondents who indicated affiliation with organizations with annual revenue of less than US$100 million and with US$100 million-$250 million in Australia, Brazil, Canada, France, Germany, Hong Kong, India, Italy, Japan, Mexico, the Netherlands, New Zealand, South Korea, Singapore, Sweden, the United Arab Emirates, the United Kingdom and the United States of America.
