《Thales:2023年数据威胁报告-全球版(英文版)(30页).pdf》由会员分享,可在线阅读,更多相关《Thales:2023年数据威胁报告-全球版(英文版)(30页).pdf(30页珍藏版)》请在三个皮匠报告上搜索。
1、GLOBAL EDITION2023 DATA THREAT REPORTPerspectives and Pathways to Digital Sovereignty and Transformation#2023DataThreatRIntroductionDespite the economic and geopolitical tensions that arose in 2022,enterprises continued to invest in their operations and their digital transformation.Organizations bal
2、anced security and privacy risks with opportunities opened by new technologies and business models.The 2023 Thales Global Data Threat Report,conducted with nearly 3,000 respondents across 18 countries,in roles ranging from senior executive leaders to individual practitioners,illustrates how influenc
3、ers and decision-makers manage this balance;considers their attitudes,perceptions,realities and expectations for the years ahead;looks at the influencers and decision-makers driving enterprise security policies and practices;and highlights changes over time.Source:2023 Data Threat Report custom surv
4、ey from S&P Global Market Intelligence,commissioned by Thales.Sponsored by2023 Data Threat Report:Global E#2023DataThreatReport32023 Data Threat Report:Global EditionContentsDigital transformation continues to accelerate 05Can data security adapt?07Key findings 08The threat landscape ahead 10Interna
5、l attitudes 12Anticipating new technologies 15External expectations new risks 17External events and the accompanying risks 19Anticipating digital sovereignty 21Ransomware responses,results and realities 23Post-quantum cryptography plans and prototypes 25Back to basics 27Moving ahead 28About this stu
6、dy 294Source:S&P Global Market Intelligences 2021-2023 Data Threat custom surveys202%2.550%240%1.530%120%0.510%0%0Multicloud is the rule,not the exception Of the following cloud Infrastructure as a Service(IaaS)providers,which does your organization use or plan to use in a production capa
7、city?12345AVERAGEDigital transformation continues to accelerateDigital transformation continues to accelerate in enterprises despite inflation,market volatility and geopolitical instability.Many private enterprises continue to thrive,with the S&P 500 still recording historically high levels of profi
8、tability in 2022.This profitability drives enterprises to invest in further automating and transforming their operations with new technologies and greater cloud adoption.One of the first observations is the greater diversity of cloud services,technology and personnel.Even organizations that employ m
9、ore conservative cloud deployment strategies such as“lift and shift”report strong multicloud adoption.Respondents representing companies with lift-and-shift strategies report using at least two cloud providers for production workloads across AWS,Google,Azure,Alibaba,Oracle and IBM#2023DataThreatRepo
10、rt5Source:S&P Global Market Intelligences 2021-2023 Data Threat custom surveysSaaS diversity is trending higherHow many Software as a Service(SaaS)applications does your organization use?25%30%35%40%20%15%10%5%0%500+51-100101-50026-501 1-20212023 Data Threat Report:Global EditionThe di
11、versity of enterprise SaaS adoption has also been increasing.In 2021,16%of respondents reported that their enterprise was using 51-100 SaaS applications;in 2023,the percentage using 51-100 SaaS applications has risen to 22%.6Can data security adapt?While many digital transformation initiatives have
12、resulted in new sources of revenue and greater profit for enterprises,security collaboration has lagged.Digital transformation initiatives require changes in approach with greater security collaboration built in.As enterprises adopt new technologies for transformation,they realize the risks with ren
13、ewed concern.According to survey respondents in ranked-choice voting,the greatest risks in cloud operations are infrastructure compromise(67%)and third-party risk(50%).Complexity remains a top barrier to securing multicloud environments for the third year in a row.The number of respondents who“agree
14、”or“strongly agree”that its more complex to maintain privacy and data protection regulations in the cloud has grown from 46%to 50%to 55%in 2021,2022 and 2023,respectively.In the shadow of new geopolitical realities,digital sovereignty and privacy have emerged as top concerns that data management tec
15、hnologies must address.In a new finding from this years report,83%of respondents are“very”or“somewhat”concerned about digital sovereignty.Three-fourths of respondents have security concerns about new technologies such as 5G(77%).Risks from existing threats also continue with 48%of respondents saying
16、 ransomware attacks are still increasing.The 2023 Thales Data Threat Report contrasts expectations and attitudes with results and realities to better illustrate how enterprises can make plans and secure controls to continue their digital transformation journey.This report studies how enterprises res
17、pond to and plan their data security strategies and practices in the light of the changing regulatory,technology and threat landscapes and offers insights into possible #2023DataThreatReport7Were only human:The#1 root cause of cloud data breaches is human errorDigital sovereignty is an emerging stra
18、tegic initiative.While internal security attitudes are improving,security outcomes continue to lag.81%of respondents are still confident to trust their personal data to their systems.Four-fifths(79%)of enterprises have production workloads in more than one public cloud,significantly greater than the
19、 57%who reported the same in 2021.Multicloud is a reality,regardless of cloud maturity.Strong MFA adoption increased to 65%and 28%of respondents identified IAM as the top security technology most effective in protecting sensitive data from cyberattacks.of respondents were very or somewhat concerned
20、that data sovereignty and/or privacy regulations will affect their organizations cloud deployment plans.Yet 37%said they had a breach in the last 12 months.65%96%83%81%79%of respondents consider designating or changing the location and jurisdiction or full data encryption are acceptable measures to
21、achieve various levels of digital sovereignty.2023 Data Threat Report:Global EditionKey findings8Cloud risk awareness is catching up with cloud adoption.Growing complexity of Hybrid IT challenges data security architecturesof organizations have a formal ransomware response plan,compared to 48%in 202
22、2 when we first asked.Post quantum cryptography moves further from the academic to the real world.had security concerns around 5G.Of those with concerns,75%said protecting the identities of people and devices connecting to 5G networks was the top concern.SaaS apps and cloud-based storage was identif
23、ied as the top target for cyber attacks 62%of enterprises have at least 5 enterprise key management systems adding to the complexity.55%agree that it is more complex to manage privacy and data protection regulations in a cloud environment than on-premises networks.Enterprises should begin today to i
24、nventory and simplify their encryption deployments.49%62%55%77%38%ONLY5G5G#2023DataThreatReport92023 Data Threat Report:Global EditionThe threat landscape aheadRespondents continue to see a serious threat landscape ahead.Nearly half(47%)of respondents say that attacks are increasing in volume or sev
25、erity,similar to reported numbers in 2021 and 2022.Of those respondents seeing an increase in attacks/threats,59%report increases in malware,48%report increases in ransomware and 43%have seen an increase in phishing attacks.The primary types of threats increasing and the percentage of respondents id
26、entifying them have remained consistent for the last three years.Of those seeing threat increases in 2022,malware,ransomware and phishing were at 56%,53%and 40%,respectively.In 2021,malware,ransomware and phishing were at 54%,48%and 40%,respectively.However,the reported threat sources have changed.I
27、n absolute terms with ranked choice voting,this years respondents prioritize human error,external hacktivists and nation-state actors,chosen by 77%,76%and 72%,respectively.In previous years,malicious insiders were more of a concern.of respondents say they have seen an increase in the volume or sever
28、ity of Malware attacks.59%10External Attackers HacktivistsExternal Attackers HacktivistsExternal AttackersExternal Attackers Nation-state actorsExternal Attackers Nation-state actorsWhich types of threats are you most concerned about?202320222021Malicious InsidersHuman ErrorHuman ErrorHuman ErrorSou
29、rce:S&P Global Market Intelligences 2021-2023 Data Threat custom surveys#03#03#03#01#01#01#02#02#02Only 64%of European enterprises with annual revenue of more than$1 billion say they are“very confident”or have“complete knowledge”of their datas location.64%Enterprise responses to threats continue to
30、lag.For starters,only 65%of enterprises say they are confident that they know their datas location.While enterprises cannot control external threats,they can lessen the impact and their vulnerability by better identifying their assets and adapting their transformation journey to incorporate #2023Dat
31、aThreatReport1 1Source:S&P Global Market Intelligences 2021-2023 Data Threat custom surveysRemote WorkHow concerned are you about the security risks/threats of employees working remotely?VERY CONCERNEDSOMEWHAT CONCERNED202120222023SOMEWHAT UNCONCERNEDNOT AT ALL CONCERNED39%16%43%2%31%18%48%3%27%22%4
32、5%6%2023 Data Threat Report:Global EditionInternal attitudes With human error identified as a leading cause of security concerns,and with poor security outcomes continuing to challenge enterprises,the 2023 Data Threat Report looks at internal attitudes and examines how enterprises are responding int
33、ernally.Like the 2022 report,81%of respondents say they would trust their enterprises systems to secure and manage their personal data.This level of confidence remains consistent among roles ranging from security practitioners to senior finance,legal and regulatory leaders.Concerns about risks from
34、remote work remain high,but these are softening.Just over a quarter(27%)of respondents report that they are“very concerned”about remote work risks,a 4-percentage-point drop from 2022 and 12 percentage points lower than in 2021.are confident in their organizations access security solutions to enable
35、secure and easy remote work.57%1216%4%17%15%30%34%16%20%16%18%5%7%1%1%Percentage of employees using strong authentication for SaaS/cloud appsWhat percentage of employees use strong authentication for SaaS/Cloud applications?NoneNone21-40%21-40%0-20%0-20%41-60%41-60%61-80%61-80%81-100%81-100%Dont kno
36、wDont knowSource:S&P Global Market Intelligences 2022-2023 Data Threat custom surveys20222023Respondents indicate an increase in positive user behavior;adoption rates of MFA/modern authentication serve as a barometer of user security culture and awareness.Authentication is a distinct user experience
37、 that affirms something known(passwords)and possessed(tokens).Authentication is arguably the most distinctive,frequent security experience for all users.Current or planned MFA adoption was flat at 55%for 2021 and 2022;in 2023,it has jumped to 65%.Moreover,the use of MFA specifically for SaaS apps is
38、 trending #2023DataThreatReport13Network SecurityNetwork SecurityNetwork SecurityEndpoint SecurityEndpoint SecurityCSPMIAMIAMControls considered most effective for protecting sensitive data(ranked choice)Which security technologies are most effective in protecting sensitive data from cyberattacks?En
39、cryption202320222021#03#03#03#01#01#01#02#02#02Source:S&P Global Market Intelligences 2021-2023 Data Threat custom surveys2023 Data Threat Report:Global EditionWhile increased MFA adoption rates reflect better end-user awareness and security culture to mitigate leading threats such as human error,th
40、ere remains some disconnect in what controls can protect sensitive data going forward.While respondents indicate that IAM is one of the most effective technologies to protect sensitive data,ranked-choice voting also reveals a variety of other controls.14The threat landscape and prevailing attitudes
41、face continued changes in new technologies that enterprises are adopting or anticipate adopting.New technologies such as 5G,edge computing and IoT are redefining how compute infrastructure is provisioned,utilized and secured.A new finding in this years report is that 77%of respondents report securit
42、y concerns about 5G.Of those with 5G security concerns,75%say protecting the identities of people and things connected to 5G networks is their greatest concern,and 66%say they are most concerned about the security of data moving across 5G networks.Within existing cloud deployments,respondents also r
43、eport a greater diversity of cloud infrastructure.Eighty percent of respondents are using one or more cloud service providers for a production workload.Multicloud remains the rule for enterprises across all geographies,cloud strategies,verticals and enterprise sizes.Cloud adoption across cloud servi
44、ce providers continues to grow,reflecting multicloud diversity.Anticipating new technologiesof respondents had security concerns around 5G.of those with concerns,protecting the identities of people and devices connected to 5G networks was the top concern,with 75%saying so.On average,respondents are
45、using 2.26 cloud service providers.77%75%2.265G5G#2023DataThreatReport15Source:S&P Global Market Intelligences 2021-2023 Data Threat custom surveys202%12%0%30%17%7%39%16%2%41%20%47%20%48%20%53%20%48%26%62%38%Cloud service providers in useOf the following cloud Infrastructure as a Service(
46、IaaS)providers,which does your organization use or plan to use in a production capacity?AWSIBMAWSIBMAWSIBMAzureOracleAzure Oracle Azure OracleGCPAlibabaOther GCP Alibaba Other GCPAlibabaOther2023 Data Threat Report:Global EditionAs noted above,a large majority(80%)of respondents currently use cloud
47、for production environments,while the remaining 20%are in pilot or near-term(less than 12 months)adoption phases.Cloud prevalence,and its capability for enterprises to employ new technologies with less opportunity cost,will continue to drive enterprise adoption and will only increase the pace of tec
48、hnological change.16While respondents are eager to adopt new technologies,they are also aware of the inherent risks.From 2021 through 2023,the percentage of respondents who“agree”or“strongly agree”that it is more complex to maintain privacy and data protection regulations in the cloud has steadily g
49、rown from 46%to 55%.Despite the complexity,more companies are putting more of their sensitive data in the cloud,and they have a higher proportion of sensitive data to overall data.This means a concurrent increase in data risks over time.In 2022,52%of respondents said that more than 40%of all their s
50、ensitive data was stored in the cloud.This percentage increased in 2023,with 64%of respondents saying that more than 40%of their sensitive data is stored in the cloud.The concentration of sensitive data in the cloud has also increased(thus increasing data risk).In 2021,49%of respondents said that mo
51、re than 40%of their cloud data was sensitive.That level has increased significantly:58%of 2022 respondents and 75%of 2023 respondents indicated that more than 40%of their cloud data is sensitive.External expectations new #2023DataThreatReport17Source:S&P Global Market Intelligences 2021-2023 Data Th
52、reat custom surveys202%58%75%Sensitive Cloud Data Has RisenThe concentration of sensitive cloud data(the percentage of respondents who say more than 40%of cloud data is sensitive)has dramatically risen.2023 Data Threat Report:Global EditionGiven the shifting of sensitive data toward the c
53、loud and the greater concentration of sensitive data in the cloud,it is not surprising that respondents identify their cloud assets as the biggest targets for cyberattacks.In ranked-choice selections,28%said that SaaS apps and cloud-based storage,26%said cloud-hosted applications or cloud databases
54、in IaaS/PaaS,and 25%said cloud infrastructure were the top attack targets.Regarding cloud infrastructure attacks,respondents are seeing increases in infrastructure compromise and third-party risk.In general,enterprises are tempering their organizations eagerness to transform using new technologies w
55、ith greater risk awareness.18So far,the 2023 Data Threat Report has revealed how enterprises perceive the external threat landscape,explored how they have changed their internal security attitudes and examined how enthusiastically they are adopting new technologies to competitively transform while b
56、alancing that enthusiasm with a greater awareness of risks from new technologies.Yet,organizations must also consider broader external events beyond their control.Just as the COVID-19 pandemic had a large effect on respondents to the 2021 and 2022 Data Threat Reports,notable external events affected
57、 2023 respondents as well:Sovereign clouds gained traction as several countries enforced digital sovereignty and data localization.US presidential mandates on zero trust took effect in Executive Order 14028.The National Institute of Standards and Technology approved four algorithms for PQC key excha
58、nge and digital signatures.Ratified legislation mandating post-quantum cryptography safety passed in December 2022.In response to the“Schrems II”case,US President Bidens Executive Order 14086 looks to overcome objections and build a path toward restoring the EU-US privacy shield.Several states in th
59、e US passed or amended privacy regulations.Regulations from the California Consumer Privacy Act were extended further with the California Privacy Rights Act,which takes effect in 2023.European industry looked to become more self-sufficient,not just in its sourcing of energy,but extending to the desi
60、re for digital self-sufficiency.Echoing the sentiment of self-sufficiency,the US passed the Chips and Science Act in August 2022.External events and the accompanying #2023DataThreatReport192023 Data Threat Report:Global EditionWith significant developments in external events,it remains important for
61、 enterprises to continue to consider data security a board-level initiative and to prioritize in the context of changing and growing regulations.In certain segments such as finance,regulations are growing at unprecedented rates.Security,technology,product and line-of-business leaders should work wit
62、h their legal and governance teams to prioritize data security initiatives,with the understanding that regulatory priorities are growing.Security disciplines will continue to be preventative or corrective,yet increasingly,their efficacy will be determined by how readily enterprises can apply them.Se
63、curity strategy must respond to these external events and put changing regulations into context for enterprises to progress.Digital sovereignty is the most significant external challenge for enterprises to respond to;it requires immediate attention and has long-term strategic implications.Growing Re
64、gulations.According to the S&P Global Market Intelligence Cappitech Global Regulatory Reporting Survey 2022,global regulatory reporting is an increasingly important consideration as regulators add new or extend existing regulations.99%of respondents have obligations in at least two regimes and a sol
65、id 13%are reporting in more than ten.99%of respondents have obligations in at least two regimes and a solid 13%are reporting in more than ten.”20More than half(55%)of respondents“agree”or“strongly agree”that data protection and compliance in the cloud is more difficult than in on-premises environmen
66、ts.The emergence of digital sovereignty adds further challenges to cloud data protection and compliance.Digital sovereignty is the ability for enterprises to have more control and freedom with the data,hardware and software used in their offerings and services.Digital sovereignty enables enterprises
67、 to have better localized enforcement of privacy laws to maintain safe data stewardship of sensitive and publicly identifiable information to adhere to different privacy,data security and resilience regulations worldwide.Digital sovereignty represents a significant opportunity for enterprises to opt
68、imize their systems and architectures while better serving stakeholders and citizens.Regarding digital sovereignty specifically,83%of respondents worldwide say they are“somewhat”or“very”concerned.Nearly all(96%)respondents say that either designating the location/jurisdiction of data or implementing
69、 full data encryption are acceptable methods to achieve varying requirements of cloud/digital sovereignty.Digital sovereignty remains both a short-and long-term challenge for enterprises.In the short term,current privacy legislation demands immediate action for enterprises.For the longer term,digita
70、l sovereignty requires enterprises to consider the sovereignty of data,operations and software.Anticipating digital sovereigntyof respondents were very or somewhat concerned that data sovereignty and/or privacy regulations will affect their organizations cloud deployment plans.83%#2023DataThreatRepo
71、rt212023 Data Threat Report:Global EditionData sovereignty means enterprises must maintain control over data.Data security enforced with encryption and access controls restricts data from foreign and unauthorized use.Encryption keys can even be managed separately from the cloud provider itself.Opera
72、tional sovereignty provides enterprises control over public cloud provider operations,such as limiting access for cloud provider support personnel.Software sovereignty means running workloads without dependence on a cloud providers software.This freedom helps enterprises avoid lock-in or dependency
73、on proprietary tools,which is particularly relevant given the number of multicloud organizations.With these challenges in digital sovereignty affecting internal attitudes,external realities and technology expectations,enterprises may feel like data security is too daunting.Yet a way forward for resp
74、ondents may be to continue iterating successfully on current data security initiatives.For example,only about 20%of respondents report that more than 60%of their cloud data is encrypted.The different data owners and stewards must collaborate more closely in the lifecycle through which data is create
75、d,accessed,processed and stored.Gaps between intention and implementation must be closed.While relatively few enterprises have encrypted most of their cloud data,the vast majority intend to do so,and they possess knowledge of encryption schemes.For example,regarding how they encrypt IaaS/PaaS data,5
76、5%of respondents say most or all of their applications use cloud provider encryption products,36%bring their own encryption tools for most of their workloads,and the remaining 9%use a blend of tools depending on workload.Similarly,enterprises should be prepared to be flexible with a variety of encry
77、ption schemes to serve different operational and data sovereignty requirements.More than half(59%)of respondent enterprises have delegated all or most of their encryption key control to their cloud service provider.This approach makes sovereignty more difficult to achieve because encryption key cont
78、rol cannot be repurposed independently of the cloud.As more enterprises pursue multicloud strategies and are required to maintain digital sovereignty and control,encryption key control and operation should be independent of any single cloud provider.Of the enterprises that control their own encrypti
79、on keys,54%report that they manage them through cloud consoles,and of those,29%use a hold-your-own-key(HYOK)and 45%use a bring-your-own-key(BYOK)scenario.Digital sovereignty represents both a short-term and long-term opportunity for enterprises.While changing data regulations require more immediate
80、responses,the long-term data,operational and software independence from any single cloud provider gives the enterprise the foundation to embrace new cloud technologies to strategically grow.20%Only about 20%of respondents report that more than 60%of their cloud data is encrypted.59%of respondent ent
81、erprises have delegated all or most of their encryption key control to their cloud service provider.22For data security practitioners as well as line-of-business,regulatory and technology teams,perhaps no collaboration is more urgent than when mission-critical operations are unavailable.In general,t
82、he speed and severity of ransomware attacks bring security program effectiveness and its organizational impacts into sharp,immediate focus.Starting in the 2022 Data Threat Report and again this year,respondents shared their ransomware responses,results and realities.The occurrence of ransomware incr
83、eased slightly from the 2022 report;22%of respondents have experienced a ransomware attack,compared to 21%in 2022.Fortunately,however,the severity of attacks declined.Just over a third(35%)of affected respondents say their ransomware incident had a significant impact or external operations exposure,
84、compared with 44%saying the same in 2022.Still,67%of affected respondents say they experienced some data loss from the attack.Organizational responses to ransomware remain inconsistent.Only 49%of enterprises use or have created a formal ransomware plan(unchanged from the 2022 report).One-fifth(21%)o
85、f 2023 respondents say they paid or would pay ransoms,despite legal questions about doing so.Respondents say the greatest impact of a ransomware attack was or would be financial-based,such as fines and penalties,rather than“softer costs,”such as loss of productivity.2023 respondents indicate that th
86、e cost of recovery and financial losses are the top two greatest impacts of ransomware attacks.The absence of formal plans to dictate engagement with internal/external personnel,law enforcement intervention or even ransom payment itself is a risk,with potentially severe downsides.Ransomware response
87、s,results and realities of respondents affected by ransomware say they experienced some data loss from the attack.67%#2023DataThreatReport23Security technologies receiving current spendingWhich of the following security technologies are you spending on today?CSPMNetwork SecurityEncryption-in-UseEncr
88、yptionCSPMCSPMIAMNetwork SecurityDLP202320222021#03#03#03#01#01#01#02#02#022023 Data Threat Report:Global EditionEnterprises did report a shift in spending to prevent ransomware attacks.In 2022,57%of respondents said they would shift or add a budget for ransomware tools,rising to 61%in 2023.Despite
89、these shifts,the response focus remains unclear.When asked what tooling organizations are spending on,responses have been varied.While enterprises report limited relief from ransomware attacks compared to last year,the results and responses from this years study still suggest closer stakeholder coll
90、aboration.While ransomware attacks are generally characterized by their immediate challenge,other long-term challenges in data security will persist with emerging threats.A new security technology has been added to the 2023 Thales Data Threat Report,“Encryption in use.”Encryption-in-use tools are pa
91、rt of a larger set of data-in-use data security enforcements that preserve the utility of data even when data secrecy persists.These emerging products include confidential computing and privacy-enhancing technologies.For more information,please see 451 Researchs Data Security Enforcement Market Map
92、2022.24Advances in quantum computing and the resulting ability to break classical encryption schemes are an increasing concern.Post-quantum cryptography(PQC)has emerged as a discipline to counter these concerns.Whereas classical encryption schemes such as RSA-2048 may require thousands of years to c
93、rack by“brute force”using conventional computing,quantum computing via Schorrs algorithm could potentially crack classical encryption techniques in seconds rather than centuries.Given the ubiquity of classical encryption schemes,the National Institute of Standards and Technology has been steadfastly
94、 calling for and collaborating on different PQC algorithms for secure key exchange and digital signatures.In 2022,it vetted four PQC algorithms,which are already being ported into common cryptographic libraries such as OpenSSL.As such,respondents indicate that future decryption of todays data or har
95、vest now,decrypt later(HNDL)and network decryption are their greatest security concerns regarding quantum computing.The concern with HNDL attacks is that adversaries are capturing classically encrypted data only to decrypt it at a more opportune,quantum-ready time.While 62%of respondents said networ
96、k decryption was the PQC security threat of greatest concern,many enterprises count on legal safe harbors for breach notification if lost data has been encrypted with strong classical controls.Post-quantum cryptography plans and prototypes of respondents said network decryption was the PQC security
97、threat of greatest concern.62%#2023DataThreatReport252023 Data Threat Report:Global EditionGiven the emerging challenges and solutions,PQC advocates have emphasized the practice of“crypto-agility,”whereby cryptography implementations are iterated in their validation and application.Simplification an
98、d consolidation,such as reducing the number of key management systems in use,are the best proactive measures enterprises can take to ensure crypto-agility.For example,62%of respondents report having five or more key management systems for their enterprise,up from 57%in 2022.Many key management syste
99、ms can be unwieldy and represent a greater burden for ensuring crypto-agility.Nearly two-thirds(62%)of enterprises have five or more key management systems,presenting a challenge for PQC and crypto-agility.62%26Back to basics After studying both internal attitudes and external expectations,the 2023
100、Data Threat Report shifts its focus to examine baseline data security program results and compares them to previous years outcomes.As mentioned previously,enterprises lack confidence in fully locating their data,with 35%of respondents“somewhat”or“not at all”confident for 2021,2022 and 2023.Similarly
101、,20%of enterprises have consistently been unable to classify their data across these three years.These figures remain stubbornly high across all geographies,verticals and enterprise sizes.Perhaps due to increasing regulatory burdens,audit failure remains stubbornly high though it does show increment
102、al improvement.The percentage of respondents who reported an audit failure was 48%,43%and 40%respectively for 2021,2022 and 2023.While these shortcomings may seem intractable,a path forward might be better achieved with a closer base of collaboration with more stakeholders.Such collaboration might n
103、ot resemble conventional internal and external partnerships.For example,according to 451 Researchs Voice of the Enterprise:Customer Experience&Commerce,Vendor Selection 2022 study,merchants,marketers and customer experience leaders identify data security as the number one inhibitor to growth for the
104、ir business,cited by 45%of respondents.Collaboration with other stakeholders consumers,partners,customers and regulators offers better buy-in to data security.Data security initiatives can originate unconventionally,so new collaboration patterns are required.By enabling all stakeholders to secure da
105、ta,enterprises can enable a stronger,more flexible baseline of controls for increasingly dynamic #2023DataThreatReport272023 Data Threat Report:Global EditionMoving ahead Enterprises face immediate and long-term opportunities for continued growth.As organizations continue their digital transformatio
106、n to become further data-driven,they need to better collaborate on data security,citizen privacy and digital sovereignty initiatives if they wish to choose their own destiny.Strong data security enables enterprises to adopt new technologies that may serve new markets(such as with 5G/edge)or satisfy
107、internal growth via safe SaaS adoption.Digital sovereignty represents both a short-term and long-term opportunity for enterprises.While changing data regulations require more immediate responses,long-term data,operational and software independence from any single cloud provider gives the enterprise
108、the foundation to embrace new cloud technologies to strategically grow.Enterprises that maintain more data security controls independent of any single cloud provider can more reliably apply controls to the environment with the best execution value.It remains imperative for enterprises to better coll
109、aborate with their stakeholders.Continued transformation success depends on a greater variety of stakeholders,such as customers,end users,developers,operators,regulators,risk managers and practitioners alike.Understanding their perspectives will allow leadership teams to better navigate the pathways
110、 forward.28Revenue$100m to$249.9m 91$250m to$499.9m 749$500m to$749.9m 796$750m to$999.9m 748$1Bn to$1.49Bn 229$1.5Bn to$1.99Bn 134$2Bn or more 142Industry SectorRetail 158Manufacturing 148Financial services 140Healthcare 139Federal government 125Public sector 122Technology 117Automotive 114Pharmace
111、uticals 108Telecommunications 101Australia1 10Brazil100Mexico106Canada107France257Germany252Italy105Netherlands100Hong Kong105India204Japan205New Zealand53Singapore109UK260USA508Sweden104UAE102South Korea102About this study This research was based on a global survey of 2,889 respondents that was fie
112、lded in November and December 2022 via web survey with targeted populations for each country,aimed at professionals in security and IT management.In addition to criteria about the level of knowledge on the general topic of the survey,the screening criteria for the survey excluded those respondents w
113、ho indicated an affiliation with organizations with annual revenue of less than US$100 million and with US$100 million-$250 million in selected countries.This research was conducted as an observational study and makes no causal #2023DataThreatReport29 Thales-April 2023 BBv8For all office locations and contact information,please visit