2023 GLOBAL REVIEW

DATA RISK MANAGEMENT

The State of the Market— Cyber to Compliance

Organizations and their employees need to balance data risk with their roles and responsibilities every day. The ability to manage risk is a foundation of a successful and growing organization. Emerging risks and risk perceptions can have a profound impact—for some organizations, they can be too much. 

We interviewed 1,600 executives and IT practitioners from multiple regions and industries. 

Explore the global report summary. 

Discover the greatest risks organizations experience today and how this translates into action. 

Data security is the standout risk among a litany of threats.

When asked to identify the greatest risks, respondents were most likely to rank data security among the top three, followed by risks from economic uncertainty and emerging technologies like AI. 

46%

Data Security

38%

Economic Uncertainty

36%

Emerging Technologies

Data security is under constant, and unprecedented, threat levels. 

Risk is on the rise.

Over the last 12 months across all types of risk:

54%

say the level of risk has increased.

21%

say the level of risk has decreased.

93%

of executives report actual damage, such as financial and reputational, from the risks they face. 

Executives are more likely to be involved in key conversations about operations and may have a more accurate view. 

82%

of practitioners report actual damage, such as financial and reputational, from the risks they face.

Practitioners are less likely to be involved in key conversations about operations and may have a less accurate view.

72%

of executives report their organization experienced a successful ransomware attack in which an attacker gained access to the system.

Senior leaders may be limiting transparency to avoid widespread panic.

57%

of practitioners report their organization experienced a successful ransomware attack in which an attacker gained access to the system.

Senior leaders may be limiting transparency to avoid widespread panic.

Perhaps more concerning is that 26% report they’ve experienced an attack, but haven’t reported it publicly. 

Yes, we have experienced an attack, and reported it publicly: 39%
Yes, we have experienced an attack, but did not report it publicly: 26%
No, we have not experienced an attack: 35%

Yes, we have experienced an attack, and reported it publicly: 49%
Yes, we have experienced an attack, but did not report it publicly: 23%
No, we have not experienced an attack: 28%

Yes, we have experienced an attack, and reported it publicly: 29%
Yes, we have experienced an attack, but did not report it publicly: 29%
No, we have not experienced an attack: 42%

Ransomware attacks are not the only type of cyberattack.

Data loss events are happening across organizations’ infrastructure. 

Digitally focused organizations distribute data across multiple environments. The pandemic provided the torchlight for many organizations to accelerate their uptake of cloud services.

Attackers are constantly probing systems for weaknesses. For them, data is gold. 

Data security and data compliance are undeniably intertwined.

With increased focus on risks from data security, leaders must ensure that they don’t lose sight of regulatory requirements and remain compliant. Staying compliant ensures organizations not only avoid relevant fines, but also protect their brand reputation.

$336,219

Average fine levied on organizations that have failed to meet compliance regulations.

$450,924

Average fine levied on organizations in EMEA that have failed to meet compliance regulations.

$321,806

Average fine levied on organizations in APAC that have failed to meet compliance regulations.

$180,087

Average fine levied on organizations in the Americas that have failed to meet compliance regulations.

What are organizations doing to address increasing risks? 

Organizations have responded by increasing data protection budgets and staffing. 

Average budget increase for all environments measured.

(on-premises, private cloud, public cloud)

21–22 People

Average staffing increase for data protection and data security teams.

68%

Adoption of AI/ML

Harnessing the benefits of AI.

Organizations are looking at more ways to boost their defenses. Key among these is the implementation of AI and/or machine learning. AI—no doubt the current buzzword—has the potential to improve efficiencies and help security teams.

It’s important to note that emerging technologies such as AI also bring new threats. However, one of AI’s anticipated benefits is reducing data security risk. 

Recovery plans and rehearsals are crucial.

The greater the preparation, the faster an organization and its employees can react during a security incident.

A well-defined recovery plan can go a long way to minimize damage. Having an incomplete plan risks wasting crucial time in such an event. 

93%

of respondents have a data recovery plan in place.

27%

of respondents say it’s only a partial plan.

5–6 weeks

Average frequency of automated recovery rehearsals.

Organizations currently perform automatic rehearsal and manual recovery exercises on their data and critical applications only every five to six weeks, on average.

These exercises must be done on a more regular basis to ensure quick recovery from data security threats, no matter how data or process has changed. 

Most organizations underestimate the task ahead.

When presented with the different risk categories, both executives and practitioners admit that their organizations are perhaps more at risk than they initially thought.

52%

Overall risk:

About half considered their organization to be currently at risk.

97%

Individual risk factors:

Nearly all indicated that their organization experiences risk.

Industry is also a factor.

Different industries have different perspectives on being "at risk."

78%

Media, Leisure, & Entertainment

77%

Biopharma

62%

Manufacturing & Production

62%

Healthcare

For some organizations, the level of risk will be too much. 

15%

of organizations say the level of risk will put them out of business within the next 12 months.

This is highest among...

Organizations in EMEA 

20%

Organizations with 3,000+ Employees

17%

Job Roles in Financial Operations

32%

So what does it all mean?

In a world where organizations face different threats every day, it’s not just those that are willing to take business risks that will succeed. It’s those who most effectively minimize threats that will be the best positioned to survive and thrive.