Survey findings reveal the challenges organizations face and the opportunities they have to strengthen their security posture
“To successfully navigate today’s intricate risk environment, organizations must refine their strategies. Strengthening risk awareness, fostering cross-team alignment, unifying fragmented tools into cohesive platforms, and adopting proactive, risk-driven approaches allow organizations to enhance resilience, protect critical data, and streamline compliance, and in doing so, pave the way for a more robust and adaptable security posture,” said Hillary Baron, Senior Technical Research Director, Cloud Security Alliance.
The study examined companies’ security, governance, and compliance methods for assessing data risk across their assets, specifically how they identify, categorize, and evaluate risk, as well as the tools they use to monitor, assess, and mitigate it. The survey also sought to identify the key challenges organizations encounter when trying to gain a comprehensive view of their risk posture to minimize response effectiveness and potential down time.
Among the findings:
- Many organizations lack the tools and confidence to identify high-risk data sources, with 31% reporting insufficient tooling and nearly 80% expressing low to no confidence in their ability to address these risks.
- Diverging focuses between management and staff create inefficiencies. Executives prioritize aligning security efforts with broader business objectives (41%), while operational teams face resource constraints and rely heavily on manual (22%) or semi-automated (54%) processes.
- Over half of organizations (54%) use four or more tools to manage data risks, leading to inefficiencies and conflicting information.
- Compliance remains a primary driver for risk reduction (59%), but a heavy focus on regulatory adherence often leaves organizations unprepared for emerging threats.
- Organizations are beginning to prioritize risk-based approaches, with identifying and prioritizing vulnerabilities ranking as top priorities.
While organizations continue to face a rapidly changing threat landscape, where the complexities of hybrid and multi-cloud environments expose new vulnerabilities and challenge traditional risk management strategies, the survey found that by gaining a deeper understanding of their own data risks, organizations can close confidence gaps, streamline operations, and stay ahead of evolving threats.
“In 2025, organizations must transition from a purely compliance-focused approach to a more proactive risk-focused strategy. This requires a clear understanding of risk across key dimensions, including organizational risk, asset risk, and regulatory risk. Risk visibility must be quantifiable and prioritized according to its potential impact on the business. By leveraging key data risk indicators from the entire data estate, organizations can create an actionable risk view that empowers them to make informed and effective decisions to strengthen data security,” said Todd Moore, Vice President, Thales Data Security.





