Latest Cloud Security Alliance survey highlights data risk obstacles to organizations
In an era of complex hybrid and multi-cloud environments, organizations are grappling with the nuance of identifying, prioritizing, and mitigating risks that threaten their most sensitive assets.
In response, the Cloud Security Alliance (CSA) today released the Understanding Data Security Risk survey report. Commissioned by Thales, a technology and security provider, the report shares critical insights into the obstacles organizations encounter when managing their data security risk and offers actionable steps they can take to secure their most sensitive assets.
“To successfully navigate today’s intricate risk environment, organizations must refine their strategies. Strengthening risk awareness, fostering cross-team alignment, unifying fragmented tools into cohesive platforms, and adopting proactive, risk-driven approaches allow organizations to enhance resilience, protect critical data, and streamline compliance, and in doing so, pave the way for a more robust and adaptable security posture,” said Hillary Baron, Senior Technical Research Director, Cloud Security Alliance.
The study examined companies’ security, governance, and compliance methods for assessing data risk across their assets, specifically how they identify, categorize, and evaluate risk, as well as the tools they use to monitor, assess, and mitigate it. The survey also sought to identify the key challenges organizations encounter when trying to gain a comprehensive view of their risk posture to minimize response effectiveness and potential downtime. Among the findings:
-
Many organizations lack the tools and confidence to identify high-risk data sources, with 31% reporting insufficient tooling and nearly 80% expressing low to no confidence in their ability to address these risks.
-
Diverging focuses between management and staff create inefficiencies. Executives prioritize aligning security efforts with broader business objectives (41%), while operational teams face resource constraints and rely heavily on manual (22%) or semi-automated (54%) processes.
-
Over half of organizations (54%) use four or more tools to manage data risks, leading to inefficiencies and conflicting information.
-
Compliance remains a primary driver for risk reduction (59%), but a heavy focus on regulatory adherence often leaves organizations unprepared for emerging threats.
-
Organizations are beginning to prioritize risk-based approaches, with identifying and prioritizing vulnerabilities ranking as top priorities.
While organizations continue to face a rapidly changing threat landscape, where the complexities of hybrid and multi-cloud environments expose new vulnerabilities and challenge traditional risk management strategies, the survey found that by gaining a deeper understanding of their own data risks, organizations can close confidence gaps, streamline operations, and stay ahead of evolving threats.
“In 2025, organizations must transition from a purely compliance-focused approach to a more proactive, risk-focused strategy. This requires a clear understanding of risk across key dimensions, including organizational risk, asset risk, and regulatory risk. Risk visibility must be quantifiable and prioritized according to its potential impact on the business. By leveraging key data risk indicators from the entire data estate, organizations can create an actionable risk view that empowers them to make informed and effective decisions to strengthen data security,” said Todd Moore, Vice President, Thales Data Security.
Thales financed the project and co-developed the questionnaire with CSA research analysts. The survey was conducted online by CSA in November 2024 and received 912 responses from IT and security professionals from organizations of various sizes and locations. CSA’s research analysts performed the data analysis and interpretation for this report.
Download the full Understanding Data Security Risk survey report.
