In an era of complex hybrid and multi-cloud environments,
organizations are grappling with the nuance of identifying,
prioritizing, and mitigating risks that threaten their most sensitive
assets. In response, the Cloud Security Alliance (CSA) released the
Understanding Data Security Risk survey report. Commissioned by Thales,
the leading global technology and security provider, the report shares
critical insights into the obstacles organizations encounter when
managing their data security risk, and offers actionable steps they can
take to secure their most sensitive assets.

"To successfully navigate today's intricate risk environment,
organizations must refine their strategies. Strengthening risk
awareness, fostering cross-team alignment, unifying fragmented tools
into cohesive platforms, and adopting proactive, risk-driven approaches
allow organizations to enhance resilience, protect critical data, and
streamline compliance, and in doing so, pave the way for a more robust
and adaptable security posture," said Hillary Baron, Senior Technical
Research Director, Cloud Security Alliance.

The study examined companies' security, governance, and compliance
methods for assessing data risk across their assets, specifically how
they identify, categorize, and evaluate risk, as well as the tools they
use to monitor, assess, and mitigate it. The survey also sought to
identify the key challenges organizations encounter when trying to gain a
comprehensive view of their risk posture to minimize response
effectiveness and potential downtime. Among the findings:
- Many organizations lack the tools and confidence to identify high-risk
data sources, with 31% reporting insufficient tooling and nearly 80%
expressing low to no confidence in their ability to address these risks.
- Diverging focuses between management and staff create inefficiencies.
Executives prioritize aligning security efforts with broader business
objectives (41%), while operational teams face resource constraints and
rely heavily on manual (22%) or semi-automated (54%) processes.
- Over half of organizations (54%) use four or more tools to manage data
risks, leading to inefficiencies and conflicting information.
- Compliance remains a primary driver for risk reduction (59%), but a
heavy focus on regulatory adherence often leaves organizations
unprepared for emerging threats.
- Organizations are beginning to prioritize risk-based approaches, with
identifying and prioritizing vulnerabilities ranking as top priorities.

While organizations continue to face a rapidly changing threat
landscape, where the complexities of hybrid and multi-cloud environments
expose new vulnerabilities and challenge traditional risk management
strategies, the survey found that by gaining a deeper understanding of
their own data risks, organizations can close confidence gaps,
streamline operations, and stay ahead of evolving threats.

"In 2025, organizations must transition from a purely compliance-focused
approach to a more proactive risk-focused strategy. This requires a
clear understanding of risk across key dimensions, including
organizational risk, asset risk, and regulatory risk. Risk visibility
must be quantifiable and prioritized according to its potential impact
on the business. By leveraging key data risk indicators from the entire
data estate, organizations can create an actionable risk view that
empowers them to make informed and effective decisions to strengthen
data security," said Todd Moore, Vice President, Thales Data Security.

Thales financed the project and co-developed the questionnaire with CSA
research analysts. The survey was conducted online by CSA in November
2024 and received 912 responses from IT and security professionals from
organizations of various sizes and locations. CSA's research analysts
performed the data analysis and interpretation for this report.

Download the full Understanding Data Security Risk survey report.