Veritas Research: Many Organisations Underestimate Risk
Veritas Technologies, the leader in secure multi-cloud data management, today released findings of new research that shows nearly half of organisations (45% globally and 41% in Singapore) may be miscalculating the severity of threats to their business. The study, Data Risk Management: The State of the Market—Cyber to Compliance, which polled 1,600 executives and IT practitioners across 13 global markets, provides insights into the most pressing risks, their impacts and how organisations plan to navigate them.
Despite risk factors like interest rates and inflation pressing hard on organisations, ransomware and multi-cloud complexity are also growing concerns for businesses of all kinds. However, when survey respondents in Singapore were initially asked whether their organisations were currently at risk, almost half (41%) said no. But, after being presented with a list of individual risk factors, respondents of all levels recognised the challenges facing their organisations with all (100%) then identifying a risk to their organisation.
Andy Ng, Vice President and Managing Director of Asia South and Pacific Region at Veritas Technologies, said: “While alarming, the vital first step for organisations is to recognise the myriad of risks that may affect their business operations, and how they need to stay vigilant. It is concerning that while a majority of respondents understand the presence of risks and are taking steps to address them, our data suggests that organisations globally, including Singapore, are still greatly underestimating the likelihood of these risks affecting them, and causing their businesses actual damages.”
Clear and Present Danger
Given the macro landscape and daily news headlines, survey responses are a clear reflection of the times. Participants across the world identified data security (46%), economic uncertainty (38%) and emerging technologies, such as AI (36%), as the top threats faced by their organisations today, from among an extensive list of possible hazards. Traditional threats like competition and a shortage of talent took fourth and fifth place. Geopolitical instability fell even further down the list to seventh place.
In Singapore, respondents identified economic uncertainty (40%), competition (40%), data security (36%) and emerging technologies such as AI (35%) as the top threats faced by their organisations. In line with the growing awareness of the global climate crisis, weak sustainability measures (34%) took fifth place. Traditional threats like geopolitical instability (32%) and talent shortage (30%) were further down the list.
AI is proving to be a double-edged sword for organisations. There have been numerous reports over recent months of bad actors adopting AI solutions to create more sophisticated and compelling ransomware attacks on businesses. It has additionally been recognised as a risk factor for businesses who fail to put proper guardrails in place to stop employees from breaching data privacy regulations through the inappropriate use of generative AI tools.
Conversely, AI is also tipped to be one of the best solutions for businesses to fight back against hackers, since its capabilities can be harnessed to automate the detection of, and response to, malicious activities.
Additionally, 87% of those surveyed globally admitted they had experienced a negative impact from risks, including reputational and financial harm. When asked which risks had resulted in actual damage to their organisations, data security was again highest, with 40% of respondents attesting to related damages. Economic uncertainty was the second most common risk to have affected organisations, with 36% having been hurt. Damages from competition came in third, at 35%, and emerging technologies, such as AI, at 33%. In Singapore, emerging technologies such as AI (39%), weak sustainability measures (37%), competition (35%) and data security (33%) were top risks that resulted in actual damage to organisations.
The effects of data security breaches were underscored by the number of organisations that had been hit by ransomware attacks. A sizable majority (65% globally and 68% in Singapore) said that, over the past two years, their organisations had been the victim of at least one successful ransomware attack in which hackers were able to infiltrate their systems. 26% (both globally and in Singapore) who experienced a successful attack said they did not report it. Breaches that caused a failure to comply with regulatory requirements cost respondents’ organisations, on average, more than US$336,000 globally (and more than US$346,000 in Singapore) in regulatory compliance fines during the last year.
Caught in The Crosshairs
For many respondents, the level of risk is rising. More (54% globally and 57% in Singapore) were likely to say risks to data security have increased rather than decreased (21% globally and 19% in Singapore) over the last 12 months. Yet, they may not fully appreciate their own vulnerabilities. This perception gap emerges in light of how organisations representing specific sectors assessed their risk, versus how their responses were scored via a risk rating scale.
Researchers assigned each respondent a “risk ranking” score based on their answers and what these revealed about their adherence to security best practices. While the public sector ranked as the most at-risk group, just 48% of those respondents rated themselves as being at risk. Similarly, only 52% of respondents from the energy, oil/gas and utilities sectors viewed themselves at risk.
Most at-risk sectors | Most at-risk countries/regions | ||
1 | Public sector | 1 | UK |
2 | Energy, oil/gas and utilities | 2 | France |
3 | Media, leisure and entertainment | 3 | China |
4 | Construction and property | 4 | Singapore |
5 | Manufacturing and production | 5 | Japan |
6 | IT, technology and telecom | 6 | US |
7 | Business and professional services | 7 | Australia |
8 | Financial services | 8 | Nordics |
9 | Healthcare | 9 | DACH |
10 | Biopharma | 10 | India |
Shoring Up Their Defences, But Are They Doing Enough?
For organisations around the world aiming to mitigate data security risks, many have increased their data protection budgets as much as 30% (31% in Singapore) over the last 12 months. The average data protection and security team size also grew by 21-22 staff members (25-27 in Singapore). Eighty-nine percent globally (80% in Singapore) said staffing levels are now at an adequate level for keeping their organisation secure.
Along with staffing additions, organisations are exploring other ways to fortify their defences. Despite ranking AI and emerging technologies as a top risk, 68% of respondents globally (65% in Singapore) are looking at AI and machine learning to boost security. Given AI’s dual nature as a force for both good and bad, the question going forward will be whether their organizations’ AI protection can evolve ahead of hackers’ AI attacks.
The research also appears to expose another chink in the armour with more than a third (37% globally and 43% in Singapore) reporting that they have no data recovery plan in place or have only a partial plan. That presents cause for concern considering nearly half (48% globally and 49% in Singapore) experienced data loss at least once in the past two years.
Ng continued, “It is easy for companies to approach their data security strategy with a false sense of confidence, at a time where AI and machine learning capabilities are integrated into their cyber security solutions for the promise of greater efficiency. The recent spate of high-profile data breaches has proven no business is immune. As cyber-attacks grow in scale and complexity, AI is not a panacea for cyber resiliency. To strengthen their data security posture and successfully navigate risks, organisations must be forearmed with a comprehensive cyber resiliency plan, and recalibrate as needed, to protect and recover their data anywhere – from edge to core to cloud.”