Ransomware attacks against companies rise by 27% in 2024
The increase in ransomware attacks continues to climb, with a 27% rise seen in victim companies over the past year, according to findings presented in Thales' 2024 Data Threat Report. The study further reveals that an alarming 8% of targeted organisations felt compelled to pay the demanded ransom.
The report, founded on a survey of 3,000 IT and security professionals spanning 18 nations and 37 distinct industries, disclosed that a substantial 93% of IT personnel now consider security threats to be growing either in sheer volume or in severity. This figure marks a considerable jump from last year's 47%.
The 2024 study, conducted by 451 Research, unveiled several other key insights. Almost half of all enterprises (43%) failed to pass a compliance audit during the past year. Those failing businesses were found to be 10 times more likely to suffer a data breach than their passing counterparts. Malware emerged as the top-growing threat of 2024, with 41% of enterprises falling prey. Phishing and ransomware followed closely behind. The survey also found that cloud assets including SaaS applications, cloud-based storage, and cloud infrastructure management were the main draw for such attacks.
For a consecutive year, the report identified human error as the chief cause of data breaches, as 31% of organisations attributed data breaches primarily to this error. Sebastien Cano, Senior Vice President at Thales Cloud Protection and Licensing, underscored the importance of an up-to-date understanding of all systems, applications, and associated risk due to the ever-changing regulatory and threat landscapes to remain in line with global data privacy regulations.
Compliance emerged as a pivotal cornerstone for data security. In the past year, over two-fifths (43%) of enterprises failed a compliance audit. Organisations that had failed a compliance audit had a 31% likelihood of experiencing a data breach in the same year, compared to a mere 3% probability for those that had successfully passed audits.
Furthermore, maintaining an operational grip on data remains an elusive goal for many businesses. Only a third (33%) have managed to fully classify all their data, while a worrying 16% have classified very little or none of their data. Notably, only 5.4% of the respondents reported employing five or more key management systems, down from 5.6% last year.
With regards to emerging technologies, 57% of IT and security professionals identified Artificial Intelligence (AI) as a significant concern, marginally more than the Internet of Things (IoT) and post-quantum cryptography. Despite the fear, businesses are also excited by the potential of these technologies, as over a fifth (22%) plan to incorporate Generative AI into their security products and services within the next year.