Gap found between data security perceptions & breach reality
Dasera, a data security posture management (DSPM) firm based in Mountain View, California, has published its annual report titled The State of Data Risk Management 2024. The report highlights a considerable gap between organisations' perception of data security and the actual incidence of breaches.
According to the report, 63% of organisations believe their security measures are effective, despite a record-breaking number of data breaches in the past year. CEO and Co-founder of Dasera, Ani Chaudhuri, commented on the findings: "How organisations handle and manage personal and sensitive data is under increased scrutiny and tightening standards. Despite this, our report found that many organisations overestimate their security measures, leading to significant corporate risks like reputational and financial losses. As attacks become more sophisticated and targeted, organisations must proactively assess and secure their data security posture to close the gap between perceived security strength and the reality of breaches."
Dasera researchers examined data risk perceptions and actual preparedness against breaches across various industries. The analysis revealed differences in data security ratings and tangible preparedness for cybersecurity threats.
Key findings from the report include significant security challenges. Among the top concerns were data breaches, ransomware, insider threats, and misconfigurations. Compliance remains a priority, with 72% of organisations utilising audits, in-house legal teams, compliance software, and external consultants to meet regulatory requirements.
The study also assessed the perceived effectiveness of data security strategies. Most organisations view their strategies as effective, with 44% considering them somewhat effective and 19% rating them as very effective. These figures, however, contrast sharply with the numerous data breaches reported.
Regarding the adoption of data governance tools, the report found that 27% of organisations have implemented data cataloging tools, showcasing proactive data management and security. Furthermore, 50% of data is stored on cloud platforms, indicating a significant move towards cloud services for data management. Monitoring and access control appear to be priorities, with 60% of organisations employing role-based access control systems. Data usage tracking is another focus, with 38% using manual and automated processes to classify sensitive data, stressing the importance of accurate data categorisation for enhancing security. Additionally, 58% of companies describe their data tagging and security principles as effective, highlighting ongoing challenges in enforcing minimal access rights to protect sensitive information.
Industry-specific insights reveal varying levels of confidence and challenges in data security strategies. Information Technology and Financial Services sectors exhibit the highest confidence in their data security measures. Conversely, the government sector faces greater challenges and displays less confidence. Notably, the healthcare industry reported no instances of organisations deeming their data security strategies ineffective.
The prevalence of manual, homegrown processes and a lack of awareness among executives and departments point to a critical need for strategic alignment and automation in data security. Dasera underscores the necessity for organisations to adopt integrated and automated data security strategies to mitigate significant challenges.
To effectively address the complexities of the data risk landscape, Dasera recommends comprehensive data discovery and classification, adopting a holistic data governance framework, leveraging advanced monitoring and analysis tools, prioritising risk management and compliance, educating and training staff, embracing a zero-trust security model, and optimising security investments with scalable solutions.
Dasera's survey involved over 300 respondents from diverse sectors, including education, professional services, information technology, government, health and life sciences, and financial services. Larger organisations, especially in financial services and health and life sciences, rated their data security and governance practices more positively. In contrast, education and smaller organisations encountered more challenges, resulting in lower ratings. These findings highlight discrepancies between high confidence levels reported by certain sectors and the record-breaking breach data reported in 2023 by sources such as the Verizon Data Breach Report, Identity Theft Resource Centre, Kroll's 2023 Data Breach Outlook Report, and Firewall Times.