U.S. Survey Highlights
Ransomware continues to plague organizations globally yet few are expanding budget for ransomware tools
- One in five (21%) IT professionals globally say their organization has experienced a ransomware attack, including 20% of respondents in the U.S.
- Of those IT respondents globally who were attacked, 55% say their internal operations were impacted, including 19% who said they were significantly affected and required remediation
- Just 3% of those impacted say they had been mentioned publicly in the media
- Of those IT respondents globally who were attacked, 55% say their internal operations were impacted, including 19% who said they were significantly affected and required remediation
- Global respondents say financial loss, such as lost sales and legal expenses, has been or would be the greatest impact from the attack, according to 23%. Others say:
- Lost productivity (19%)
- Recovery costs (18%)
- Disclosure of sensitive information through exfiltration (16%)
- Brand reputation (11%)
- Customer loss (7%)
- Less than half of global respondents (48%) say they have a formal ransomware plan in place
- That figure rises to just over half (52%) in the U.S.
- 22% of respondents worldwide said they have paid or would pay a ransom for their data, including 24% in the U.S.
- When asked what types of attacks and threats they have seen an increase in, IT professionals in the U.S. ranked malware as the leading source of attacks (53%), followed by ransomware (49%) and phishing/whaling attacks (42%)
- Despite greater ransomware impacts, 41% of respondents worldwide say they have no plans to change security spending, including 40% of respondents in the U.S.
- Just over a quarter (28%) of respondents globally and in the U.S. say they added additional budget for ransomware tools
Data visibility is a growing challenge in the face of growing cyber threats
- 34% of IT leaders in the U.S. say they are very confident about where their data is being stored (that compares to 37% of U.S. respondents who were surveyed by Thales for the prior report)
- Just 16% say they have complete knowledge of where it is stored
- Just one in five (21%) in the U.S. stated they were able to classify all of their data
- 26% say they can classify little to none
- 53% say they can classify at least half
- 54% of U.S. IT leaders say their organization has experienced a breach, including 35% who were breached in the last 12 months
- Almost half (45%) of IT leaders in the U.S. say they experienced an increase in the volume, severity and/or scope of cyberattacks in the past 12 months
- 43% of U.S. IT leaders admitted to having failed a compliance audit in the past 12 months
As cloud adoption increases within U.S. organizations, so does complexity and risk
- Four in 10 (40%) U.S. respondents say they use more than 50 Software as a Service (SaaS) apps, including 21% who use more than 100 apps
- 51% of U.S. IT leaders agree it is more complex to manage privacy and data protection regulations in a cloud environment than in on-premises networks within their organization, up from 49% last year
- 33% of U.S. respondents state that around half of their workloads and data reside in external clouds, and 29% report more than 60%
- 44% of respondents in the U.S. report that they had experienced a breach or failed an audit in their cloud environments
- Roughly half of U.S. respondents (49%) disclose that more than 40% of their sensitive data has been encrypted, and a fifth (21%) say more than 60% is encrypted
- 76% of U.S. businesses remain “somewhat” or “very” concerned about the security risks of an increasingly remote workforce
- 42% of U.S. respondents say they are “slightly” or “not at all” confident that their current security systems can effectively secure remote work
Threats on the horizon
- IT leaders in the U.S. say broad cloud security toolsets are the greatest future spending priority, according to 24%
- 34% in the U.S. say they expect to prioritize spending on key management in the future with Zero Trust an important strategy for 32%
- When asked to identify security threats from quantum computing, the majority (57%) of U.S. respondents say they are concerned with ‘risk of network decryption,’ followed by ‘key distribution’ (53%) and ‘future decryption of today’s data’ (52%)
- Most U.S. organizations (59%) surveyed say they use encryption to protect sensitive data in the cloud
About the study
The 2022 Thales Global Data Threat Report was based on a global survey commissioned by Thales of more than 2,700 executives with responsibility for or influence over IT and data security. Respondents were from 17 countries: Australia, Brazil, Canada, France, Germany, Hong Kong, India, Japan, Mexico, Netherlands, New Zealand, Singapore, South Korea, Sweden, the United Arab Emirates, the United Kingdom, and the United States. In the U.S., Thales surveyed 511 IT decision makers.
Job titles ranged from C-level executives including CEO, CFO, Chief Data Officer, CISO, Chief Data Scientist, and Chief Risk Officer, to SVP/VP, IT Administrator, Security Analyst, Security Engineer, and Systems Administrator. Respondents represented a broad range of organizational sizes, with the majority ranging from 500 to 10,000 employees.
The survey was conducted by 451 Research, part of S&P Global Market Intelligence, in January 2022.
About Thales
Thales (Euronext Paris: HO) is a global leader in advanced technologies, investing in digital and “deep tech” innovations – connectivity, big data, artificial intelligence, cybersecurity and quantum technologies – to build a confident future crucial for the development of our societies. The Group provides its customers – businesses, organizations and governments – in the defense, aeronautics, space, transport, and digital identity and security domains with solutions, services
and products that help them fulfill their critical role, consideration for the individual being the driving force behind all decisions.
Thales has 81,000 employees in 68 countries. In 2021, the Group generated sales of €16.2 billion.