Thales Data Threat Report 2023 finds not only an increase in ransomware attacks, but also the growth of cloud data breaches. The Annual Report on Cyber ​​Threats was conducted on approximately 3,000 IT professionals from public and private organizations in 18 countries, including Italy. The companies interviewed come from the most diverse sectors. Just as the professionals interviewed are of different levels. Respondents come from organizations of various sizes: most with 500 to 10,000 employees. The survey was conducted in November and December 2022.

A global alarm

Nearly half (47%) of the professionals surveyed believe that security threats are increasing in volume or severity. While 48% report an increase in ransomware attacks. More than a third (37%) globally (46% in Italy) have experienced a data breach in the last 12 months and 22% report that their organization has been victim of a ransomware attack.

Work that moves to the cloud is growing

The survey shows that the main target of cyber attacks is cloud data. Over a quarter (28%) of global respondents (46% in Italy) say cloud-based storage is their primary focus, followed by end-user devices (44%). The increase in attacks on the cloud is due to the growth of work moving to the cloud, in fact 75% of respondents say that 40% of data stored in the cloud is now classified as sensitive compared to 49% of respondents in 2022. The report also highlights the strategies companies have implemented to protect their data, in a scenario where cyber attacks are constantly evolving.

The human factor, cause of ransomware attacks and data breaches

Respondents believe that simple human errors are the leading cause of cloud data breaches. For example, misconfigurations or oversights that can accidentally lead to systems breaches. 55% of those who have experienced a data breach in the past 12 months believe that the root cause is misconfiguration, followed by not using MFA (20%).

Ransomware attacks and cloud data breaches on the rise

The report finds that identity and access management (IAM) is the best defense. In fact, 28% of respondents identify it as the most effective tool to mitigate these risks.

Invest to prevent

Meanwhile, the severity of ransomware attacks appears to be declining from 2022. 35% of respondents report that ransomware has had a significant impact, up from 44% of respondents in 2022. Spending is also moving in the right direction. 61% report that would increase budget to acquire tools to prevent ransomware attacks – up from 57% in 2022 – but responses to ransomware remain inconsistent. Only 49% of companies report having a formal plan to deal with ransomware attacks, while 67% report data loss caused by ransomware attacks.

A challenge in the short and long term

Digital sovereignty is becoming increasingly important for IT professionals responsible privacy and data security. Overall, the Thales report finds that data sovereignty remains both a short- and long-term challenge for businesses. 83% express concerns about data sovereignty. More than 55% (63% in Italy) agree that data privacy and cloud compliance have become increasingly difficult, likely due to the requirements to achieve digital sovereignty.

Ransomware attacks and data breaches

Threats from quantum computers that attack classical encryption schemes are also a concern for organizations. The Thales Report finds that Harvest Now, Decrypt Later (“HNDL”) and future network decryption constitute the biggest security concerns of quantum computing, with 62% and 55% respectively reporting concerns. While postquantum cryptography (PQC) turns out to be the discipline to counter these threats, the report finds that 62% of organizations have five or more key management systems, presenting a challenge for PQC and cryptographic agility.

The Italian market

Sergio Sironi, Southern Europe Sales Director for the Thales Cloud Protection & Licensing business line

Businesses continue to be very concerned about cyber threats, although our report findings indicate that good progress is being made in some areas. The report shows that the Italian results are mostly comparable with those of the rest of the world, with the exception of two figures. In particular, almost half of the interviewees – 46% in Italy – report having suffered a data breach in the last 12 months, against 37% globally and – again 46% in Italy – say that cloud storage is the main goal. A circumstance certainly linked to the fact that work today is increasingly “hybrid”.

The big news that emerged from the 2023 research is also the importance of digital sovereignty which is becoming crucial for corporate IT managers. Managers who increasingly need to know how data is stored”.