Compliance failings leave enterprises vulnerable to data breaches

A new report from Thales reveals that 43 percent of enterprises failed a compliance audit last year, with those companies 10 times more likely to suffer a data breach.

Based on a survey of almost 3,000 IT and security professionals it also finds that 93 percent of IT professionals believe security threats are increasing in volume or severity, a significant rise from 47 percent last year.

The number of enterprises experiencing ransomware attacks surged by over 27 percent in the past year. But despite this escalating threat, less than half of organisations have a formal ransomware plan in place, with eight percent resorting to paying the ransom demands.

Malware stands out as the fastest-growing threat of 2024, with 41 percent of enterprises witnessing a malware attack in the past year, closely followed by phishing and ransomware. Cloud assets, including SaaS applications, cloud-based storage, and cloud infrastructure management, remain the primary targets for such attacks.

Sebastien Cano, senior vice president at Thales Cloud Protection and Licensing says:

Enterprises need to know exactly what they're trying to protect. With global data privacy regulations continually changing, they need to have good visibility across their organization to stand any chance of staying compliant.

If there's one key takeaway from this year's study, it’s that compliance is key. In fact, companies that had a good hold over their compliance processes and passed all their audits were also less likely to suffer a breach. We'll start to see more compliance and security functions coming together. This would be a huge positive step to strengthen cyber defenses and build trust with customers.

Looking ahead, the report also explores which emerging technologies are top-of-mind for IT and security professionals, with 57 percent identifying AI as a huge source of concern. This was closely followed by IoT (55 percent) and post quantum cryptography (45 percent).

Enterprises are also looking at the opportunities that emerging technologies bring, with over a fifth (22 percent) planning to integrate generative AI into their security products and services in the next 12 months, and a third (33 percent) planning to experiment integrating the technology.

There will be a webinar to discuss the findings on April 16th and you can get the full Data Threat Report 2024 from the Thales site.

Image credit: BiancoBlue/depositphotos.com