50% Organisations Suffer Loss of Sensitive Data


As marquee brands continue to reveal the challenges of successful cyberattacks targeting their business data, a new cyber report from Rubrik finds a stark reality: about one of every two organisations surveyed suffered a loss of sensitive data over the last year. In fact, one of six organisations experienced multiple losses of data in the past 12 months.

In its new research report, The State of Data Security: The Journey to Secure an Uncertain Future, Rubrik Zero Labs provides a view into the increasingly commonplace problem of cyber risks and the challenge to secure data across an organisation’s expanding surface area.

New technologies – from artificial intelligence (AI) to cloud – continue to create countless opportunities for modern cybersecurity threats that capitalise on the explosion of data worldwide, according to more than 1,600 security executives who participated.

Data Is Surging — And Shows No Signs of Slowing Down

  • A typical organisation’s data has grown 42% over the last 18 months, with SaaS data driving the most growth overall (145%) followed by cloud (73%) and on-premises (20%), as observed in the Rubrik Zero Labs Report (2023) .
  • On average, a typical organisation’s data volume totals 240 backend terabytes (BETB). Three Rubrik-protected organisations reported more than a petabyte of backend data storage.
  • Rubrik Zero Labs predicts that the total volume of data a typical organisation needs to secure will increase by almost 100 BETB in the next year — and by 7x in the next five years.

Organisations Struggle to Protect Sensitive Data Amid Growth

  • Global organisations have 24.8 million sensitive data records, observed on average.
  • 61% of organisations surveyed store sensitive data in multiple locations across cloud, on-premises, and SaaS environments, with less than 4% reporting a dedicated, sensitive data storage location.
  • Over half (53%) of external organisations surveyed experienced a material loss of sensitive information in the last year, with about one out of every six organisations (16%) experiencing multiple losses in 2022.
  • The most widely-reported data types compromised included personally identifiable information (38%), corporate financial data (37%), and authentication credentials (32%).

Data Policies Need To Be Improved To Meet Growing Data Security Needs

  • 66% of IT and security leaders surveyed believe their organisation’s current data growth is outpacing their ability to secure this data and manage risk.
  • Almost all (98%) external organisations surveyed believe they currently have significant data visibility challenges.
  • 62% of respondents suspect people inside their organisation are accessing data in violation of data policies.
  • 54% of external organisations surveyed have an appointed single senior executive responsible for data and its security.

“The explosive growth in data is due to increasing use of big data tied to artificial intelligence, the Internet of Things, and the increasingly common use of personal data generated by devices. Furthermore, it is rapidly changing both sides of the cybersecurity battlefront – including the myriad of ways that attacks are carried out and how our systems execute rapid response, from posture management to data security,” said Steven Stone, Head of Rubrik Zero Labs. “We see that left unattended, today’s data proliferation can cripple businesses. Organisations need to have the right visibility into their data to secure it, with a clear plan for cyber resilience that delivers business continuity.”

In its third global study since launching one year ago, Rubrik Zero Labs commissioned Wakefield Research to gather insights from more than 1,600 IT and security leaders — half of which were CIOs and CISOs — across 10 countries. This report is supplemented by a significant increase in Rubrik telemetry to provide an authentic view of organisations’ environments and threats they face, looking at more than 5,000 clients across 22 industries.

The report was commissioned by Rubrik and conducted by Wakefield Research among more than 1,600 IT and security decision-makers at companies of 500 or more employees.

Respondents were made up of approximately half CIOs and CISOs and half VPs and Directors of IT and Security.

The research was conducted in the US, UK, France, Germany, Italy, Netherlands, Japan, Australia, Singapore, and India between June 30, 2023 and July 11, 2023.

The survey supplemented Rubrik telemetry, looking at more than 5,000 clients across 22 industries and 67 countries.

The data includes over 35 exabytes of logical storage secured and more than 24 billion sensitive data records from January 2022 through July 2023.

You can read the full report here.