2024 Data Breaches: 93% of CISOs Say Policies Not Working

In a recent report from TAG Infosphere, an independent analyst firm, researchers evaluated current security and resilience policies for data contained on enterprise organizations’ endpoints. Through a survey of Chief Information Security Officers (CISOs) at major organizations, TAG discovered that most enterprise security teams lack sufficient security policy enforcement. They also found that a high percentage of organizations haven’t established effective endpoint data protocols designed to ensure data resiliency.

As organizations attempt to close security gaps and prevent future data breaches in 2024, the report’s findings can help security leaders implement a stronger cyber resilience policy that addresses common gaps in data security.

93% of CISOs Don’t Believe Their Data Protection Policy for Endpoints Is Working

The TAG report reveals a stark reality: the majority of CISOs report that they don’t have a viable data resilience policy. 93% of CISOs surveyed had an endpoint data protection policy in place; 36% said it was not working, and 57% thought it only partially worked. That’s right—only 7% of CISOs with endpoint data protection policies believed those policies were definitely working.

How TAG Determined Their Findings

TAG works on a day-to-day basis with nearly 120 major enterprise security teams, which provides them with an accurate proxy for the trends, issues, and sentiments regarding data security across the industry. After surveying two dozen CISOs at mostly large businesses, researchers uncovered several alarming findings about cyber resilience for data stored on endpoints at these organizations. 

What Do These Findings Mean For Enterprise & Small-Business Data Security?

TAG’s findings raise significant concerns about the threat of data breaches at major organizations and the damage these breaches could do to them. 

While organizations are well aware of the threat of ransomware and malware, they often struggle to create and deploy effective policies aimed at reducing the risk of data breaches on endpoints.

3 More Statistics About the Risk of 2024 Data Breaches

If you’re interested in improving cyber resilience at your own company, review some of the other essential findings uncovered in the report:

1. 71% of CISOs and Enterprise Security Team Members Wouldn’t Be Surprised If They Had a Data Breach on Their Laptops and PCs

Alongside surveying CISOs directly about their policy, TAG also asked CISOs and their enterprise security teams if they’d be surprised if a data breach were to occur involving data stored on their PCs and laptops. 71% of respondents answered that they wouldn’t be surprised if they had a data breach on their laptops and PCs. Combine this with the lack of confidence that endpoint data is being protected and we end up with a recipe for data loss and all of its associated financial, operational, reputational, and legal risks.

2. 79% of CISOs Are Open to Deploying a New Functional Control for PCs and Laptops

To finish the survey, TAG researchers asked whether CISOs would be open to deploying a functional backup control in the form of a commercial platform to address this aggregate risk of data on PCs and laptops. This question aimed to uncover whether organizations had a gap in coverage for PCs and laptops in their security portfolio.

79% of respondents replied they would be open to deploying a functional backup control, indicating a gap in coverage at these companies and, encouragingly, their willingness to take action to address this gap. 

3. 7% of CISOs Don’t Have a Policy to Protect Data Stored on Employee Endpoints

When CISOs were asked whether they had a policy and associated control in place to protect the confidentiality, integrity, and availability of data stored on their employees’ PCs and laptops, 7% said they didn’t. This lack of a cyber resilience policy at nearly 1 in 10 organizations is extremely alarming, as it puts these organizations at a much higher risk of severe consequences resulting from a data breach in 2024. Since this statistic comes from a survey of large-scale organizations, these threats could have major repercussions for their many shareholders, employees, and customers.

Without an endpoint cyber resilience policy, companies may not have a backup solution in place to preserve all their data. If a ransomware attack is successful and locks users out of their files, these companies won’t be able to simply remove the ransomware and restore any lost files. Instead, they’ll find themselves in a position where they may feel they have no choice but to pay a ransom to unlock their data—and there’s no guarantee that cybercriminals will actually release the data after payment.

Learn More About Strengthening Your Data Protection Layer

Given the evident gaps in their data security policies, organizations must strengthen their data protection layer. You can review the TAG report for more insights into data resilience.

Interested in the experts’ take on the results? Take a moment to check out the five main insights our team uncovered while reviewing TAG’s research. 
