ChaptersCircleEventsBlog

Download Publication

Understanding Data Security Risk Survey Report 2025
Understanding Data Security Risk Survey Report 2025

Understanding Data Security Risk Survey Report 2025

Release Date: 02/26/2025

Organizations face a rapidly changing threat landscape. The complexities of hybrid and multi-cloud environments are exposing new vulnerabilities and challenging traditional cybersecurity risk management strategies.

To better understand the current state of the industry, Thales commissioned CSA to develop a survey and report. The report aims to illuminate current data security risk assessment practices and areas for improvement. CSA conducted the survey in November 2024 and received 912 responses from IT and security professionals.

The results reveal critical insights into the obstacles organizations encounter. These obstacles include fragmented tools, confidence gaps in risk understanding, and misaligned priorities between leadership and operational teams. While these challenges are significant, the findings also highlight actionable opportunities for organizations to rethink their strategies. By embracing a more proactive approach to risk management, organizations can stay ahead of evolving cybersecurity threats.

Key Findings:
  • Many respondents (31%) lack tools to identify their riskiest data sources. Other respondents (12%) are unsure if they even have such tools. This lack of adequate tooling creates blind spots that hinder proactive risk management.
  • Only a small number of management professionals (3%) are "not at all confident" in identifying high-risk data sources. However, more of their staff (10%) lack confidence. This lack of staff confidence indicates operational barriers that management’s strategic plans do not fully address. 
  • Over half of organizations (54%) use four or more tools to manage data risks. This creates inefficiencies and conflicts in information that hinder effective decision-making. 
  • Over half of respondents (59%) cite regulation and compliance as the primary drivers for risk reduction.
  • Respondents rank identifying vulnerabilities (7.06) and prioritizing vulnerabilities (6.15) as their highest priorities. This far outpaces activities such as changing policies and controls (3.62).
Download this Resource

Bookmark
Share
Related resources

Acknowledgements

Hillary Baron
Hillary Baron
Senior Technical Director - Research, CSA

Hillary Baron

Senior Technical Director - Research, CSA

Josh Buker
Josh Buker
Research Analyst, CSA

Josh Buker

Research Analyst, CSA

Ryan Gifford
Ryan Gifford
Research Analyst, CSA

Ryan Gifford

Research Analyst, CSA

Sean Heide
Sean Heide

Sean Heide

Alex Kaluza
Alex Kaluza
Research Analyst, CSA

Alex Kaluza

Research Analyst, CSA

John Yeoh
John Yeoh
Global Vice President of Research, CSA

John Yeoh

Global Vice President of Research, CSA

With over 15 years of experience in research and technology, John excels at executive-level leadership, relationship management, and strategy development. He is a published author, technologist, and researcher with areas of expertise in cybersecurity, cloud computing, information security, and next generation technology (IoT, Big Data, SecaaS, Quantum). John specializes in risk management, third party assessment, GRC, data protection, incid...

Read more

Marina Bregkou
Marina Bregkou
Principal Research Analyst, Associate VP

Marina Bregkou

Principal Research Analyst, Associate VP

Are you a research volunteer? Request to have your profile displayed on the website here.

Related Certificates & Training