Survey findings reveal the challenges organizations face and the opportunities they have to strengthen their security posture

Cloud Security Alliance Survey Report Examines How Organizations Assess and Manage Cybersecurity and Data Risks

Media Contacts
Kristina Rundquist
ZAG Communications for the CSA
kristina@zagcommunications.com

In an era of complex hybrid and multi-cloud environments, organizations are grappling with the nuance of identifying, prioritizing, and mitigating risks that threaten their most sensitive assets. In response, the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today released the Understanding Data Security Risk survey report. Commissioned by Thales, the leading global technology and security provider, the report shares critical insights into the obstacles organizations encounter when managing their data security risk, and offers actionable steps they can take to secure their most sensitive assets.

“To successfully navigate today’s intricate risk environment, organizations must refine their strategies. Strengthening risk awareness, fostering cross-team alignment, unifying fragmented tools into cohesive platforms, and adopting proactive, risk-driven approaches allow organizations to enhance resilience, protect critical data, and streamline compliance, and in doing so, pave the way for a more robust and adaptable security posture,” said Hillary Baron, Senior Technical Research Director, Cloud Security Alliance.

The study examined companies’ security, governance, and compliance methods for assessing data risk across their assets, specifically how they identify, categorize, and evaluate risk, as well as the tools they use to monitor, assess, and mitigate it. The survey also sought to identify the key challenges organizations encounter when trying to gain a comprehensive view of their risk posture to minimize response effectiveness and potential down time. Among the findings:

• Many organizations lack the tools and confidence to identify high-risk data sources, with 31% reporting insufficient tooling and nearly 80% expressing low to no confidence in their ability to address these risks.
• Diverging focuses between management and staff create inefficiencies. Executives prioritize aligning security efforts with broader business objectives (41%), while operational teams face resource constraints and rely heavily on manual (22%) or semi-automated (54%) processes.
• Over half of organizations (54%) use four or more tools to manage data risks, leading to inefficiencies and conflicting information.
• Compliance remains a primary driver for risk reduction (59%), but a heavy focus on regulatory adherence often leaves organizations unprepared for emerging threats.
• Organizations are beginning to prioritize risk-based approaches, with identifying and prioritizing vulnerabilities ranking as top priorities.

While organizations continue to face a rapidly changing threat landscape, where the complexities of hybrid and multi-cloud environments expose new vulnerabilities and challenge traditional risk management strategies, the survey found that by gaining a deeper understanding of their own data risks, organizations can close confidence gaps, streamline operations, and stay ahead of evolving threats.

“In 2025, organizations must transition from a purely compliance-focused approach to a more proactive risk-focused strategy. This requires a clear understanding of risk across key dimensions, including organizational risk, asset risk, and regulatory risk. Risk visibility must be quantifiable and prioritized according to its potential impact on the business. By leveraging key data risk indicators from the entire data estate, organizations can create an actionable risk view that empowers them to make informed and effective decisions to strengthen data security,” said Todd Moore, Vice President, Thales Data Security.

Thales financed the project and co-developed the questionnaire with CSA research analysts. The survey was conducted online by CSA in November 2024 and received 912 responses from IT and security professionals from organizations of various sizes and locations. CSA’s research analysts performed the data analysis and interpretation for this report.

Download the full Understanding Data Security Risk survey report.

About Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.

View source version on businesswire.com: https://www.businesswire.com/news/home/20250227530139/en/