Rubrik today published a survey of 1,625 IT and security executives that showed more than half of organizations (53%) suffered a loss of sensitive data in the last year, with 16% having experienced multiple incidents.

The survey, conducted by Wakefield Research, identified the most widely reported data types compromised, including personally identifiable information (38%), corporate financial data (37%) and authentication credentials (32%).

Almost all respondents (98%) admitted they believed they currently have significant data visibility challenges, with 61% storing sensitive data across cloud, on-premises and SaaS environments with less than 4% having a dedicated, sensitive data storage location.

Two-thirds of respondents (66%) said they believed their organization’s current data growth is outpacing their ability to secure this data and manage risk.

On the plus side, more than half of respondents (54%) reported their organization has made a single senior executive responsible for data and its security.

A full 62%, however, suspected people inside their organization were accessing data in violation of policies.

Steven Stone, head of Rubrik Zero Labs, said unless organizations find a way to address data management and security issues more proactively, things are likely to get much worse. The volume of data in a typical organization has grown 42% over the last 18 months, with SaaS data driving the most growth overall (145%), followed by cloud (73%) and on-premises (20%) data, according to an analysis of 5,000 Rubrik customers.

On average, a typical organization’s data volume totals 240 backend terabytes (BETB). Rubrik Zero Labs estimated that the total volume of data a typical organization needs to secure will increase by almost 100 BETB in the next year—and by 7x in the next five years.

Organizations, on average, have 24.8 million sensitive data records, which could rise to 175 million records in the next five years, noted Stone. It’s not going to be possible for most organizations to secure that many records, he added.

The best thing organizations can do to address that issue proactively is to reduce the amount of data being collected as much as possible, especially copies of sensitive data that cybercriminals are going to target, added Stone. That same data could also result in organizations running afoul of an audit, he noted. Unless it’s absolutely essential, most organizations should not keep copies of sensitive data in, for example, spreadsheets, said Stone.

Data, of course, by its very nature, is fluid and, as such, often difficult to keep track of in highly distributed computing environments. Most organizations today are not especially good at managing data at scale, so it will require a lot more focus on governance.

Of course, artificial intelligence (AI) might one day streamline data management, but Stone noted that AI requires organizations to collect even more data to train AI models. That’s essentially trying to double down on the problem to try and solve it, he noted.

One way or another, the data management and security issues will be forced. The only thing that remains to be seen is how data can effectively be secured, given how easy it is to create data today and the currently limited resources available to protect it.