Download Publication

Understanding Data Security Risk Survey Report 2025
Release Date: 02/26/2025
Organizations face a rapidly changing threat landscape. The complexities of hybrid and multi-cloud environments are exposing new vulnerabilities and challenging traditional cybersecurity risk management strategies.
To better understand the current state of the industry, Thales commissioned CSA to develop a survey and report. The report aims to illuminate current data security risk assessment practices and areas for improvement. CSA conducted the survey in November 2024 and received 912 responses from IT and security professionals.
The results reveal critical insights into the obstacles organizations encounter. These obstacles include fragmented tools, confidence gaps in risk understanding, and misaligned priorities between leadership and operational teams. While these challenges are significant, the findings also highlight actionable opportunities for organizations to rethink their strategies. By embracing a more proactive approach to risk management, organizations can stay ahead of evolving cybersecurity threats.
Key Findings:
- Many respondents (31%) lack tools to identify their riskiest data sources. Other respondents (12%) are unsure if they even have such tools. This lack of adequate tooling creates blind spots that hinder proactive risk management.
- Only a small number of management professionals (3%) are "not at all confident" in identifying high-risk data sources. However, more of their staff (10%) lack confidence. This lack of staff confidence indicates operational barriers that management’s strategic plans do not fully address.
- Over half of organizations (54%) use four or more tools to manage data risks. This creates inefficiencies and conflicts in information that hinder effective decision-making.
- Over half of respondents (59%) cite regulation and compliance as the primary drivers for risk reduction.
- Respondents rank identifying vulnerabilities (7.06) and prioritizing vulnerabilities (6.15) as their highest priorities. This far outpaces activities such as changing policies and controls (3.62).
Download this Resource
Acknowledgements

Hillary Baron
Senior Technical Director - Research, CSA
Hillary Baron
Senior Technical Director - Research, CSA

Josh Buker
Research Analyst, CSA
Josh Buker
Research Analyst, CSA

Ryan Gifford
Research Analyst, CSA
Ryan Gifford
Research Analyst, CSA

Sean Heide
Sean Heide

Alex Kaluza
Research Analyst, CSA
Alex Kaluza
Research Analyst, CSA

John Yeoh
Global Vice President of Research, CSA
John Yeoh
Global Vice President of Research, CSA
With over 15 years of experience in research and technology, John excels at executive-level leadership, relationship management, and strategy development. He is a published author, technologist, and researcher with areas of expertise in cybersecurity, cloud computing, information security, and next generation technology (IoT, Big Data, SecaaS, Quantum). John specializes in risk management, third party assessment, GRC, data protection, incid...
Marina Bregkou
Principal Research Analyst, Associate VP
Marina Bregkou
Principal Research Analyst, Associate VP
Are you a research volunteer? Request to have your profile displayed on the website here.
Related Certificates & Training

Learn the core concepts, best practices and recommendation for securing an organization on the cloud regardless of the provider or platform. Covering all 14 domains from the CSA Security Guidance v4, recommendations from ENISA, and the Cloud Controls Matrix, you will come away understanding how to leverage information from CSA's vendor-neutral research to keep data secure on the cloud.
Learn more
Learn more