机构研究报告-Data security-外文版培训课件

DIGITAL

&

TRENDSDatasecurityCHAPTER

01OverviewInformationsecurityproductsandservicesmarketrevenueworldwidefrom2011to2024(inbillionU.S.dollars)Totalrevenueglobalinformationsecuritymarket2011-2024250200150210188.1172.5150.41133.78120.93114.15101.5410050082.23201675.67267.261.8552011201220132014201520172018201920202021202220232024*3Description:Theinformationsecuritymarkethasincreasedconsiderablyoverthepastyears.In2024,therevenueofthesecuritytechnologyandservicesmarketworldwideisexpectedtopeakat210billionU.S.dollars.Informationsecurityreferstothepracticeofmanagingaccesstoinformation,whetherthatissecuringinformationfromunauthorizedaccessorverifyingtheidentityofthosewhoclaimtohaveauthoritytoaccessinformation.ReadmoreNote(s):Worldwide;2011to2024;*Forecast.ReadmoreSource(s):GartnerEnd-userspendingoninformationsecurityworldwidefrom2013to2025,bysegment(inmillionU.S.dollars)End-userspendingoninformationsecurityworldwide2023-2025,bysegmentSecuritysoftwareSecurityservicesNetworksecurity250,000200,000150,000100,00050,000020232024*2025*4Description:Globalend-userspendingoninformationsecurityisforecasttogrowinthecomingyears,increasingfromaround162billionU.S.dollarsin2023toover211billionU.S.dollarsin2025.Mostspendinghasbeenconcentratedonsecurityservices,expectedtoexceed100billionU.S.dollarsby2025.ReadmoreNote(s):Worldwide;2024;*ForecastReadmoreSource(s):GartnerGrowthrateofend-userspendingoninformationsecurityworldwidefrom2013to2025,bysegment(inmillionU.S.dollars)Growthrateofspendingoninformationsecurityworldwide2023-2025,bysegmentSecuritysoftwareSecurityservicesNetworksecurityTotal18%16%14%12%10%8%15.6%15.1%15.1%14.2%13.6%13.6%13.6%13.4%13.1%12.7%9.6%6.2%6%4%2%0%20232024*2025*5Description:End-userspendingoninformationsecurityisforecasttogrowinthecomingyears.Networksecurity,inparticular,isexpectedtobethefastest-growingsegmentintheinformationsecuritymarket,whilethesecuritysoftwareandthesecurityservicessegmentsshouldgrowatarelativelysteadypace.Overall,thesourceexpectsthetotalinformationsecurityspendingtoincreasebyaround15percentin2025comparedto2024.

ReadmoreNote(s):Worldwide;2024;*Forecast.ReadmoreSource(s):GartnerEmergingITsecuritytechnologiesandarchitecturesworldwidein2024,bydeploymentstatusGlobalemergingITsecuritytechnologiesandarchitectures2024,bydeploymentstatusShareofrespondentsImplmentationinprogress

ImplementationtobeginsoonCurrentlyinproduction0%Noplans80%20%42.4%40.7%40.2%39.8%39.5%39.1%37.9%35.8%34.8%40%60%35%100%8%120%Identitythreatdetectionandresponse(ITDR)SaaSsecurityposturemanagement(SSPM)Cloud-nativeapplicationprotectionplatform(CNAPP)Cloudinfrastructureentitlementmanagement(CIEM)Passwordlessauthentication14.7%17.3%33.6%31.9%36.9%30%35.6%8.4%8.8%9.5%19.1%13.9%16.8%15.7%17.7%17.2%19.6%13.7%Secureaccessserviceedge(SASE)9.7%10.4%9%Risk-basedvulnerabilitymanagement(RBVM)Zerotrustnetworkaccess(ZTNA)34%38.1%Extendeddetectionandresponse(XDR)35.8%9.8%6Description:AsofNovember2023,theemergingITsecuritytechnologyimplementedthemostbycompaniesworldwidewasidentitythreatdetectionandresponse(ITDR).Moreover,35.8percentofrespondentsstatedthattheircompanywascurrentlyintheprocessofimplementingzerotrustnetworkaccess(ZTNA),while19.6percentofrespondentswerepreparingtoimplementanextendeddetectionandresponse(XDR)system.

ReadmoreNote(s):Worldwide;November2024;1,200respondents;RespondentswhohaveanITsecurityjobroleinanorganizationwithmorethan500employeesSource(s):CyberEdge;ISC2CHAPTER

02InvestmentsandprioritiesCybersecuritybudgetchangesforcompaniesworldwide2025Cybersecuritybudgetchangeforcompaniesworldwide202535%30%30%25%20%15%10%5%27%12%8%0%Increaseby5%orlessIncreaseby6%-10%Increaseby11%-14%Increaseby15%ormore8Description:Ina2024survey,30percentofbusinessandtechnologyexecutivessurveyedforthestudyexpectedtheircompany'scyberbudgettoincreasebetweensixandtenpercentin2025.Overall,77percentofrespondentsworldwideanticipatetheirorganization'scybersecuritybudgettoincreasein2025.ReadmoreNote(s):Worldwide;MaytoJuly2024;4,042respondents;businessandtechnologyleaders.Source(s):PwC;PwCIndiaCybersecurityinvestmentprioritiesforbusinessleadersworldwidein2025Cybersecurityinvestmentprioritiesforbusinessleadersworldwide202560%48%50%40%30%20%10%0%43%34%30%20%Dataprotectionordatatrust

Modernizationoftechnology,includingcyberinfrastructureOngoingsecuritytrainingOngoingimprovementsinrisk

Remediationintheaftermathposturebasedoncyberroadmapofrecentcyberbreachesorintrusionsintotheorganizationorindustry9Description:Whenaskedabouttheircybersecurityinvestmentprioritiesfor2025,nearlyhalfofrespondentsamongbusinessleadersworldwidehighlighteddataprotectionordatatrust.Inaddition,43percentofrespondentswereplanningtoprioritizetechnologymodernization,includingcyberinfrastructure.Overall,34percentofrespondentsnamedongoingsecuritytrainingatopinvestmentpriorityfor2025.ReadmoreNote(s):Worldwide;MaytoJuly2024;4,042respondents;businessleadersSource(s):PwC;PwCIndiaWillingnessofcompaniesworldwidetoincreasesecurityinvestmentfollowingadatabreachin2023versus2024Securityinvestmentfollowingadatabreachincompaniesworldwide2023vs.2024YesNo706050403020100635149372023202410Description:Accordingtoa2024survey,63percentofcompaniesworldwideplannedtoincreasetheircybersecurityinvestmentfollowingadatabreach.Thisrepresentsa12-percentincreasefromthepreviousyear.

ReadmoreNote(s):Worldwide;FromMarch2023toFebruary2024;3,556respondentsSource(s):IBM;PonemonInstituteMainsecurityinvestmenttypesfollowingadatabreachincompaniesworldwidein2024Mainsecurityinvestmenttypesfollowingadatabreachincompaniesworldwide2024Shareoforganizations2001030405060IRplanningandtestingThreatdetectionandresponsetechnologiesEmployeetraining555146IAM42OffensivesecuritytestingDatasecurityandprotectionprotocolsManagedsecurityservicesInsuranceprotection4034282611Description:Accordingtoa2024survey,55percentofcompaniesworldwideplannedtoincreasetheirinvestmentinIncidentResponse(IR)planningandtestingfollowingadatabreach.Inaddition,over50percentdeclaredwantingtoinvestmoreinthreatdetectionandresponsetechnologiesaftersuchevent.ReadmoreNote(s):Worldwide;FromMarch2023toFebruary2024;3,556respondentsSource(s):IBM;PonemonInstituteCHAPTER

03MeasuresPrimaryactivitiestobemonitoredtomaintainastrongdatasecuritypostureworldwidein2024Mainmonitoringactivitiesforastrongdatasecuritypostureworldwide2024Shareofrespondents20%0%10%30%40%50%60%58%70%UnauthorizedaccessattemptsDataexfiltrationattempts56%55%OverprivilegedaccessforhumansChangesindataaccesspermissionsOverprivilegedaccessfornon-humanidentitiesDatatransferandsharingactivitiesDatabeingremovedordeleted49%42%41%40%Usagepatternsofsensitivedata36%Industrycomplianceviolations31%Configurationchangesindatastores22%13Description:Asorganizationsstrivetofortifytheirdatasecurityposturein2024,monitoringunauthorizedaccessattemptsemergesasthetoppriorityfor58percentofcompaniesworldwide.Thisfocusondetectingpotentialbreachesunderscoresthegrowingawarenessofcyberthreatsandthecriticalneedforrobustcybersecuritymeasures.Dataexfiltrationattemptsandoverprivilegedaccessforhumansalsorankhighonthelistofkeyactivitiestomonitor,highlightingthemultifacetedapproach[...]

ReadmoreNote(s):Worldwide;September2024;637respondents;ITandcybersecurityprofessionals.Source(s):CybersecurityInsiders;CyeraMainapplicationanddata-centricsecuritytechnologiescurrentlyinuseorplannedforacquisitionbyorganizationsworldwidein2024Companies'datasecuritydeploymentstatusworldwide2024,bytechnologyShareofrespondentsCurrentlyinuse0%Plannedforacquisition20%Noplans40%60%80%25.7%100%11.5%120%DatabasefirewallWebapplicationfirewall(WAF)62.8%60.8%60%29.8%32.9%9.4%7.1%11%10%APIgateway/protectionDatabaseactivitymonitoring(DAM)55.6%54.3%50.8%48.3%46.9%45.2%44.8%41.4%36%33.4%35.7%35.1%Applicationcontainersecuritytools/platformCloudaccesssecuritybroker(CASB)14.1%Applicationdeliverycontroller(ADC)36.6%39.5%15.1%13.6%16.9%15.9%19%Fileintegrity/activitymonitoring(FIM/FAM)Runtimeapplicationself-protection(RASP)Static/dynamic/interactiveapplicationsecuritytesting(SAST/DAST/IAST)Thirdpartycodeanalysis37.9%39.3%39.6%43.7%Botmanagement20.3%14Description:AsofNovember2023,theapplicationanddata-centricsecuritytechnologymostusedbycompaniesworldwidewasdatabasefirewall.Atthesametime,over60percentofrespondentsstatedthattheircompanyalreadyusedwebapplicationfirewall(WAF).ꢀMoreover,thedatasecuritytechnologythatmostcompaniesplannedtoacquireinthenext12monthswasbotmanagement.ReadmoreNote(s):Worldwide;November2023;1,200respondents;RespondentswhohaveanITsecurityjobroleinanorganizationwithmorethan500employeesSource(s):CyberEdge;ISC2ProtocolsputinplacebyCISOstocombatorganizationaldatalossin2024ProtocolsputinplacebyCISOstocombatorganizationaldataloss2024Shareofrespondents0%10%20%30%40%50%60%WeeducateemployeesondatasecuritybestpracticesWehaveacloudsecuritysolutioninplace(example:CASB)Wehaveadatalossprevention(DLP)agentinplaceWehaveendpointsecuritytechnologyinplace53%52%51%49%Wehaveemailsecuritytechnologyinplace48%Wehaveisolationtechnologywhichavoidsemployeesenteringcredentialsonwebforms42%15Description:Accordingtoa2024survey,themostpopularprotocolputinplacebyChiefInformationSecurityOfficers(CISOs)worldwidetocombatorganizationaldatalosswaseducatingemployeesondatasecuritybestpractices,ashighlightedby53percentofrespondents.Inaddition,over50percentofrespondentsconsideredcloudsecurityandDataLossPrevention(DPL)technologysolutionseffectiveprotocolstocombatorganizationaldataloss.

ReadmoreNote(s):Worldwide;January20toFebruary2,2024;1,600respondents;ChiefInformationSecurityOfficers(CISOs)fromorganizationswithmorethan200employeesacrossdifferentindustriesin16countriesSource(s):Censuswide;ProofpointLeadingtechnologiesforeffectivezerotrustimplementationworldwidein2024Maintechnologiesforeffectivezerotrustimplementationworldwide2024Shareofrespondents10%0%5%15%20%25%30%35%SecurityServiceEdge(SSE)platformsIdentityproviders(SSOandMFA)32%26%SecurityInformationandEventManagement(SIEM)EndpointSecuritysolutions22%21%16Description:Whenaskedina2024surveywhichtechnologywasmostcriticaltoazerotruststrategy,nearlyone-thirdofrespondentsamongITpractitionersandcybersecurityexpertsmentionedSecurityServiceEdge(SSE)platforms.Identityproviderssuchassinglesignon(SSO)andmulti-factorauthentication(MFA)rankedsecond,selectedby26percentofrespondents.SecurityInformationandEventManagement(SIEM)followed,at22percent.ReadmoreNote(s):Worldwide;February2024;631respondents;

ITprofessionals,cybersecurityexperts,anddecision-makersfromorganizationsofvaryingsizesacrossmultipleindustries.Source(s):CybersecurityInsiders;HPEPrimarymethodsforgainingvisibilityintosensitivedataacrossdifferentenvironmentsworldwidein2024Mainmethodsforvisibilityintosensitivedataacrossenvironmentsworldwide2024Shareofrespondents0%10%20%30%40%50%60%Wehaveadifferentsecurityserviceforeachofourenvironmenttypes(SaaS,IaaS,PaaS,on-premises,etc.)53%IntegratedsecuritysolutionsManualdatacatalogingandclassification49%36%Wedonotcurrentlyhaveasolutionthatsupportsallenvironments27%17Description:In2024,around53percentofthesurveyedITandcybersecurityprofessionalsworldwideclaimedthattheirorganizationshadadifferentsecurityserviceforeachoftheirenvironmenttypes(SaaS,IaaS,PaaS,on-premises,etc.)asamethodtogainvisibilityintosensitivedataacrossthedifferentenvironments.About49percentoftherespondentsclaimedtomakeuseofintegratedsecuritysolutions.ReadmoreNote(s):Worldwide;September2024;637respondents;ITandcybersecurityprofessionalsSource(s):CybersecurityInsiders;CyeraCHAPTER

04ChallengesPrimarychallengesfacedbyorganizationsworldwideinmanagingdatasecurityposturein2024Mainchallengesinmanagingdatasecuritypostureworldwide2024Shareofrespondents0%

10%20%30%40%50%48%60%Complexityofmanagingdatasecuritypostureacrossmulti-cloudandhybridenvironments51%LackofvisibilityintodatathatexistswithinmySaaSenvironmentIntegrationissueswithexistingsecurityinfrastructure43%Understandingwhichhumanandnon-humanidentitieshaveaccesstosensitivedata31%28%26%25%23%22%LackofvisibilityintodatathatexistswithinmyPaaSenvironmentLackofvisibilityintodatathatexistswithinmyIaaSenvironmentLimitedautomationfordataincidentremediationprocessesLackofvisibilityintodatathatexistswithinmyon-premisesenvironmentLackofmonitoringintodataeventsthatmatter19Description:Datasecuritychallengesinmulti-cloudandhybridenvironmentscontinuetoplagueorganizationsworldwide,withoverhalfofrespondentsamongITandcybersecurityprofessionalsworldwidecitingcomplexityinmanagingdatasecuritypostureacrossthesediversecloudinfrastructuresastheirprimaryconcernin2024.Thishighlightsthegrowingdifficultiescompaniesfaceastheynavigateincreasinglycomplexdigitallandscapes,balancingthebenefitsofcloudadoptionwiththeneedfor[...]ReadmoreNote(s):Worldwide;September2024;637respondents;ITandcybersecurityprofessionals.Source(s):CybersecurityInsiders;CyeraPrimarychallengesarounddatasecurityworldwidein2024Mainchallengesinsecuringdataworldwide2024Shareofrespondents0%10%20%30%40%50%60%57%Excessivedataaccess,overprivilegedaccountsNovisibilityintothesensitivedatathatexistsintheenvironmentDatamanagement,managinglargeamountsofdataNeedtodealwithsensitivepersonaldata50%46%43%Dataaccuracygivenincompletedatavisibility,whichcanleadtoincorrectconclusions39%Concernsoverrestrictivedataaccess-overly-constrictivecontrolsLackofvisibilityorcontroloverhowSaaSservicestransferandusesensitivedataOther35%33%1%20Description:In2024,excessivedataaccess,oftenresultingfromoverprivilegedaccounts,wasconsideredthemainchallengearounddatasecuritybyaround57percentofrespondentorganizationsworldwide.Atthesametime,abouthalfoftherespondentsclaimedthelackofvisibilityintoexistingsensitivedataintheenvironmentalsoconstitutedaprimarydatasecuritychallenge.ReadmoreNote(s):Worldwide;September2024;637respondents;ITandcybersecurityprofessionalsSource(s):CybersecurityInsiders;CyeraMainconcernsaroundcompromiseddatabytypeworldwidein2024Mainconcernsaroundcompromiseddatabytypeworldwide2024Shareofrespondents0%10%20%30%40%50%60%70%68%80%CustomerdataFinancialdata63%IntellectualpropertyEmployeedataHealthrecordsOperationaldataPartnerdata37%36%28%22%19%21Description:In2024,around68percentofthesurveyedITandcybersecurityprofessionalsworldwideclaimedtobeconcernedaboutcustomerdatabecomingcompromised.Globalprofessionalsalsoshowedgreatconcernoverfinancialdataandmoderateconcernoverintellectualproperty,mentionedbyabout63and37percentoftherespondents,respectively.ReadmoreNote(s):Worldwide;September2024;637respondents;ITandcybersecurityprofessionalsSource(s):CybersecurityInsidersTypesofdatamostsusceptibletoinsiderattacksworldwidein2023Typesofdatamostsusceptibletoinsiderattacksworldwide2023Shareofrespondents0%5%10%15%20%25%30%35%40%45%44%50%FinancialdataCustomerdata41%Employeedata37%Allcompany-sensitivedataPersonalhealthinformation(PHI)SystemconfigurationandcredentialsIntellectualproperty31%29%27%25%24%CommunicationdataOperationaldata22%Businesspartnerdata20%22Description:Ina2023survey,44percentofrespondentsamongITprofessionalsworldwidefoundfinancialdatatobethemostsusceptibletoinsiderattacks.Customerdataandemployeedatafollowed,with41percentand37percentofrespondents,respectively.Bycontrast,onlyone-fourthofrespondentsconsideredintellectualpropertydatatobethemostsusceptibletoinsiderattacksReadmoreNote(s):Worldwide;December2023;467respondents;professionalsoccupyingvariousroles,fromtechnicalexecutivestoITsecuritypractitioners,acrossmultipleindustriesandorganizationsizes.Source(s):CybersecurityInsiders;SecuronixCHAPTER

05DatabreachesLargestdatabreachincidentsdisclosedworldwidein2024Biggestdatabreachesglobalin2024Name

ofthe

organizationAT&T(March)Impact73customerrecordsimpacted110millionpeopleaffected300millionpatientinteractionsAround165companiesimpactedUndisclosedAT&T(July)SynnovisransomwareattackSnowflakehackCencoradatabreachMediSecuredatabreachNearly13millionindividualsimpactedHealthinformationof13.4millionpatientsimpacted62millioncustomersimpactedKaiserdatabreachUSPSsharingofusers'personalinformationEvolveBankdatabreach7.6millionpeopleimpactedNationalPublicDatabreachAround3billionrecordsaffected24Description:In2024,numerousdatabreachincidentsweredisclosed,causinguncertaintyamongcustomers.Someoftheincidentshaverefusedtodisclosetheexactnumberofindividualsimpacted,sotheimpactinthesecasesisonlyestimated.ThelargestdatabreachisbelievedtohaveimpactedeveryAmerican,witharoundthreebillionrecordsbeingbreached.AUK-basedpathologylab,Synnovis,sawaransomwareattackinJuly2024,whichimpactedapproximately300millionpatients.

ReadmoreNote(s):Worldwide;2024Source(s):TechCrunchNumberofuseraccountsexposedworldwidefrom1stquarter2020to3rdquarter2024(inmillions)GlobalnumberofbreacheduseraccountsQ12020-Q32024900818.528007006005004003002001000485.48457.45449.28422.61399.59353.96274.04277.26254.62215.43146.33119.19101.2293.2881.2574.0767.7337.66Q12020Q2

2020Q3

2020Q4

2020Q1

2021Q2

2021Q3

2021Q4

2021Q1

2022Q2

2022Q3

2022Q4

2022Q1

2023Q2

2023Q3

2023Q4

2023Q1

2024Q2

2024Q3

202425Description:Duringthethirdquarterof2024,databreachesexposedmorethan422millionrecordsworldwide.Sincethefirstquarterof2020,thehighestnumberofdatarecordswereexposedinthefirstquarterof202,morethan818milliondatasets.Databreachesremainamongtheꢀbiggestconcernsofcompanyleadersworldwide.Themostcommoncausesofsensitiveinformationlosswereoperatingsystemvulnerabilitiesonendpointdevices.

ReadmoreNote(s):Worldwide;Q12020toQ22024;basedonthesourcecharacteristics;widerindustrymetricsmayvary.Source(s):SurfSharkCountrieswiththehighestnumberofdatapointsleakedindatabreachesworldwidefrom2004to2024YTDLeadingcountriesbynumberofdatapointsleakedworldwide2004-2024YTDNumberofleakeddatapoints02,000,000,000

4,000,000,000

6,000,000,000

8,000,000,00010,000,000,00012,000,000,00014,000,000,00016,000,000,00018,000,000,00020,000,000,000UnitedStatesRussiaChina17,457,402,0954,464,785,0232,064,810,124FranceIndia1,499,945,6391,341,663,973Brazil1,283,336,261UK1,062,281,584GermanyItaly1,032,780,070668,639,628Canada635,044,48026Description:Between2004andOctober2024,theUnitedStatesrecordedthehighestnumberofdatapointsleakedonline.Overall,morethan17billiondatapointswereleakedinthecountryduringthemeasuredperiod.Russiarankedsecond,withmorethanfourbillionleakeddatapoints.ReadmoreNote(s):Worldwide;2004to2024YTDSource(s):SurfSharkTypeofdatacompromisedinworldwidedatabreachesfrom2021to2024Globaltypeofdatacompromised2021-2024202120222023202443%60%50%40%30%20%10%0%52%48%47%44%40%37%34%34%33%31%31%28%27%26%26%24%21%15%12%CustomerPIIEmployeePIIIntellectualpropertyAnonymizedcustomerdata(non-PII)Othercorporatedata27Description:Customers'personalidentifiableinformationwasthemostcommontypeofdatacompromisedinworldwidedatabreaches.48percentofcompromisedrecordsfellintothiscategoryin2024.Thesecond-mostbreachedkindofdatawasemployeepersonalidentifiableinformation,witharound37percentofallbreachedrecordsinthesameyear.ReadmoreNote(s):Worldwide;2021to2024;multipleresponseswerepermittedSource(s):IBM;PonemonInstituteAveragecostofadatabreachworldwidefrom2014to2024(inmillionU.S.dollars)Averagetotalcostperdatabreachworldwide2014-20246.04.885.04.454.354.2443.923.863.863.794.03.02.01.00.03.623.52014201520162017201820192020202120222023202428Description:AsofFebruary2024,theglobalaveragecostperdatabreachamountedto4.88millionU.S.dollars,anincreasefrom4.45millionU.S.dollarsinthepreviousyear.Theaveragecostofadatabreachvariedacrosssectors,withtheꢀhighestaveragecostinthehealthcareindustry.ReadmoreNote(s):Worldwide;2014to2024;550organizationsSource(s):IBM;PonemonInstituteCostdistributionofdatabreachworldwidefrom2018to2024,bymaincostsegments(inmillionU.S.dollars)Globalcostdistributionofdatabreach2018-2024,bymaincostsegmentsLostbusinesscostDetectionandescalationPost-breachresponseNotification6.05.04.03.02.01.00.00.431.350.371.20.311.180.270.211.070.161.020.240.991.141.631.241.441.231.111.581.221.591.521.471.451.421.421.3201820192020202120222023202429Description:AsofFebruary2024,ꢀtheaveragecostofadatabreachworldwidewasabout4.88millionU.S.dollars.Ofthistotal,1.63millionU.S.dollarswerethecostsfordetectionandescalation,1.47millionU.S.dollarswerethecostsoflostbusiness,and1.35millionU.S.dollarswerepost-breachresponsecosts.ReadmoreNote(s):Worldwide;2018to2024Source(s):IBM;PonemonInstituteAveragecostofadatabreachbysecurityautomationlevelinorganizationsworldwidefrom2018to2024(inmillionU.S.dollars)Averagecostofadatabreachbysecurityautomationlevelinglobalcompanies2024Extensiveuse6.03LimiteduseNouse8765432106.716.25.725.365.164.644.434.114.043.863.853.843.73.63.393.152.882.92.652.45201820192020202120222023202430Description:Databreachescostcompaniesconsiderablylesshadtheydeployedsecurityautomation.In2024,adatabreachcostanorganizationthatextensivelyusedsecurityautomation3.84millionU.S.dollarsonaverage,comparedto5.72millionU.S.dollarsonaverageforanorganizationwithnosuchdeployment.ReadmoreNote(s):Worldwide;2018to2024;3,556respondentsSource(s):IBM;PonemonInstituteMeantimetoidentifyandcontaindatabreachesworldwidefrom2017to2024(indays)Globalmeantimetoidentifyandcontaindatabreaches2017-2024MeantimetoidentifyMeantimetocontain21225020015010050206207207204197194191757373736970666402017201820192020202120222023202431Description:Asof2024,themeannumberofdaystoidentifythedatabreacheswas194days,fourpercentlessthaninthepreviousyear.Themeantimecompaniesneededtocontainthebreachesin2024was64days.Incomparison,in2022,ittookorganizations207daystoidentifyand70daystoaddressthedatabreaches.ReadmoreNote(s):Worldwide;2017to2024Source(s):IBM;PonemonInstituteCHAPTER

06Specialfocus:DatasecurityinthecloudMainmeasurestakentoprotectdatainthecloudvs.on-premisesworldwidein2024Mainmeasurestakentoprotectdatainthecloudvs.on-premisesworldwide2024ShareofrespondentsInthecloud0%

20%On-premises40%60%80%100%120%83%74%140%160%180%Multifactorauthentication83%81%BackupsPasswordmanagement73%73%72%Encryption73%Employeetraining68%71%70%66%66%65%Endpointmanagement66%Auditingofuseractivity63%PriviligedaccessmanagementReviewofaccessrights(attestation)Identitygovernance,includinguserprovisioninganddeprovisioningDataclassification63%60%55%48%58%52%33Description:In2024,83percentofrespondentsinaglobalsurveyhadimplementedmultifactorauthenticationastheirmaindataprotectionmeasure,bothinthecloudandon-premises.Furthermore,over80percentofrespondentsstatedthattheircompanyhadalreadyimplementedbackupsinthecloud.ReadmoreNote(s):Worldwide;February2024;1,309respondents;ITprofessionalsfrom104countriesSource(s):NetwrixMostcommonsecurityincidentsinthecloudandon-premisesworldwidein2024Mostcommonsecurityattacksinthecloudandon-premisesworldwide2024ShareofrespondentsOn-premises20%Inthecloud30%0%10%40%38%50%60%70%80%74%73%PhishingUseraccountcompromise34%34%RansomwareorothermalwareattackTargetedattacksoncloudinfrastructureAccidentaldataleakage31%27%28%21%20%16%17%AdminaccountcompromiseDatatheftbyhackers12%14%12%13%Datatheftbyinsiders8%9%Supplychaincompromise34Description:In2024,themostcommonsecurityincidentworldwidebothinthecloudandon-premisesremainedphishing,with73and74percentofrespondentsstatingthattheircompanydealt