Only 20% firms have a proper ransomware plan in place, shows study

At least one in every 10 IT security leaders in India said that they have experienced ransomware attacks in the past year, according to a new research report published on Thursday. Despite ransomware being ranked as highest growing threat by the respondents in the country, only 20% of enterprises have a formal ransomware plan in place, with 10% resorting to paying the ransom demands, the 2024 Thales Data Threat Report, conducted by 451 Research mentioned.

The report shows that for a second year running, human error remains the leading cause of data breaches, with 34% of enterprises pinpointing this as the root cause. Additionally, 43% of respondents failed a compliance audit last year globally, with those companies 10-times more likely to suffer a data breach, it said.

Ransomware and malware stand out as the fastest-growing threat of 2024, with 42% of respondents ranking them as topmost fastest growing type of threat. Cloud assets, including software-as-a-service (SaaS) applications, cloud-based storage, and cloud infrastructure management, remain the primary targets for such attacks.

The research also found that 40% of respondents in India failed a compliance audit in the past twelve months highlighting a clear correlation between compliance and data security. Fundamental understanding of what systems, applications, and data are at risk continue to lag due to changing regulatory and threat landscapes. Only a third (31%) of Indian organisations are able to fully classify all of their data, with a worrying 20% stating that they classify very little or none of their data. Operational complexity also remains a barrier globally. While the number of respondents reporting five or more key management systems is down (53% versus 62% last year), the average number declined only slightly (from 5.6 to 5.4).

The reality of multicloud across services and changing global data privacy regulations means that data sovereignty is a leading priority for businesses, with 28% identifying mandatory external key management as the leading way to achieve sovereignty. 39% said that data residency would no longer be an issue provided that external encryption, key management, and separation of duties were implemented.

“Enterprises need to know exactly what they’re trying to protect. With data privacy regulations continually changing in India and across the world, enterprises need to have good visibility across their organisation to stand any chance of staying compliant,” said Ashish Saraf, VP and Country Director, Thales in India.

“If there’s one key takeaway from this year’s study, it’s that compliance is key. In fact, respondents that had a good hold over their compliance processes and passed all their audits were also less likely to suffer a breach. As India continues to progress in the technological landscape, we’ll start to see more compliance and security functions coming together. This would be a huge positive step to strengthen cyber defenses and build trust with customers,” he added.

Looking ahead, the report also explored which emerging technologies are top-of-mind for IT and security professionals, with 57% identifying Artificial Intelligence (AI) as a huge source of concern globally. This was closely followed by IoT (55%) and Post Quantum Cryptography (45%).

Ransomware attacks have been a persistent threat in recent years, and experts believe they will continue to increase in 2024. A report published by Checkpoint Research on January 19 also revealed that an astonishing one in every 10 organisations worldwide experienced attempted ransomware attacks in 2023, a surge of 33% from the previous year.

Earlier, cyber security firm Barracuda Networks said in a report published on 31 January that the annual cost of responding to cybercrime for businesses can soar to as much as $5 million in the next 12 months.