SecurityBrief Canada - Technology news for CISOs & cybersecurity decision-makers
Canada
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
Story image
#
Malware
#
Ransomware
#
Hybrid Cloud

Nine in ten IT leaders faced cyberattacks as threats intensify

Yesterday
Author image
By Melania Watson, Interview Editor

New research from Rubrik Zero Labs has found that 90 per cent of IT and security leaders globally experienced cyberattacks in the past year.

The report, titled "The State of Data Security in 2025: A Distributed Crisis," highlights the ongoing challenges organisations face with data protection, especially as hybrid and cloud environments become more prevalent.

According to the report, nearly one fifth of organisations worldwide experienced more than 25 cyberattacks in 2024 alone, equivalent to at least one breach every other week.

The most commonly cited attack vectors included data breaches (30 per cent), malware on devices (29 per cent), cloud or SaaS breaches (28 per cent), phishing (28 per cent), and insider threats (28 per cent).

The growing number and sophistication of attacks have had significant consequences for businesses. Forty per cent of respondents reported increased security costs, 37 per cent noted reputational damage and loss of customer confidence, and 33 per cent experienced a forced leadership change following a cyber incident.

Joe Hladik, Head of Rubrik Zero Labs, commented on the findings: "Many organisations that move to the cloud assume their providers will handle security. The persistence of ransomware attacks, coupled with the exploitation of hybrid cloud vulnerabilities, shows that threat actors are always one step ahead."

"Companies must take action and adopt an attacker's mindset by identifying – and protecting – the most valuable data before it's too late. The need for a data-centric security strategy that prioritizes visibility, control, and quick recovery has never been more urgent."

The report also found that managing sensitive data across diverse systems has become more complex, with the adoption of artificial intelligence and cloud technologies exacerbating the issue of data sprawl.

An overwhelming 90 per cent of IT and security leaders report managing hybrid cloud environments, and half of surveyed IT leaders say most of their workloads are now cloud-based.

Securing data across these varied ecosystems was identified as the top challenge by 35 per cent of respondents, followed by a lack of centralised management (30 per cent) and a lack of visibility and control over cloud-based data (29 per cent).

Rubrik's telemetry data showed that 36 per cent of sensitive files in the cloud are classified as high risk, with these files largely comprising personally identifiable information such as social security numbers and phone numbers, as well as digital and business data including intellectual property and source code.

Ransomware remains a significant concern, with evolving tactics among attackers. Of those organisations that suffered a successful ransomware attack last year, 86 per cent admitted to paying the ransom to recover their data.

Attackers have increasingly targeted backup and recovery systems, with 74 per cent of respondents stating that threat actors were able to partially compromise these systems, and 35 per cent reporting that their systems were completely compromised.

Identity threats have also intensified, largely due to the complexity of hybrid environments. Ninety-two per cent of organisations now use between two and five cloud and SaaS platforms, providing more opportunities for attackers to exploit weak points in identity and access management and escalate ransomware attacks.

Insider threats, often involving compromised credentials, were cited by 28 per cent of IT leaders as a growing concern. Rubrik's telemetry indicates that 27 per cent of high-risk sensitive files contain digital data such as API keys, usernames, and account numbers – the type of information threat actors seek to hijack identities and infiltrate critical systems.

The findings are based on surveys and interviews with over 1,600 IT and security leaders across 10 countries, and include an analysis of 5.8 billion files across cloud and SaaS environments, with over 175 million sensitive files classified across customer environments. The research covers data from January to December 2024.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Proofpoint unveils unified platforms to combat data & cyber risks
CrowdStrike launches Falcon Privileged Access to block threats
Most firms overestimate data resilience, risking USD $400 billion
CrowdStrike named leader in GigaOm XDR report for 2025
Cloudflare details Q1 Internet disruptions from quakes to storms
Top stories
Socket acquires Coana to cut false positive security alerts
Proofpoint launches unified cybersecurity solution to cut costs
Proofpoint unveils unified AI data security platform for enterprises
Cookie theft bypasses MFA and grants cloud access
Lineaje launches AI-powered self-healing for software security