A survey of 322 IT and security professionals finds nearly two-thirds (63%) have confidence in the effectiveness of their organization’s data security measures with another 30% uncertain despite the volume of breaches and ransomware attacks being regularly reported.

Conducted by Dasera, a provider of a data security posture management (DSPM) platform, the survey finds only 7% of respondents admit their current data security measures are likely to be ineffective.

A full 60% of respondents have adopted role-based access controls, with 58% having adopted data tagging and security principles. An equal percentage (58%) said they enforce the principles of least privilege (PoLP) access but only 27% have implemented data cataloging tools.

Well over a third (38%) use a mix of manual and automated processes to classify sensitive data, but only 28% employ automated monitoring tools to oversee data as it’s being used and only a quarter (25%) conduct regular audits.

Given the ease at which cybercriminals are now able to bypass perimeters, data security has become the last line of defense for many organizations. The challenge is that data security is only as good as the underlying frameworks used to manage data. If sensitive data is strewn across the enterprise, the odds that data will be a breach of some kind exponentially increase.

The survey, for example, finds that 40% of respondents work for organizations that already use a hybrid approach for data hosting, with 30% employing multi-cloud environments. About 50% of data stores are on cloud platforms.

Dasera CEO Ani Chaudhuri said despite the prevalence of data security measures the number of successful ransomware attacks suggests that existing practices and methodologies for securing data may not be as effective as many security professionals believe. In fact, 38% of respondents are unsure of their organization’s approach to data management.

Despite these issues and the current prevalence of ransomware attacks, only 26% and 23% said data breaches and ransomware are a significant concern.

It’s hard to determine in the wake of a breach or successful ransomware attack how big a factor overconfidence was in enabling an incident to occur. Most previous victims likely thought the measures they had put in place to secure data would be more effective than they actually were.

Fortunately, in the age of artificial intelligence (AI), there’s more focus than ever on the value of data. That is leading many organizations to revisit their data security strategies as they adopt, for example, retrieval augmented generation (RAG) techniques to expose data to large language models (LLMs) hosted on cloud services, noted Chaudhuri.

In the meantime, if data is now the most important asset any organization has continuing to rely primarily on perimeter defenses to secure it is not likely to be effective. Cybercriminals now routinely steal credentials to gain direct access to applications in ways that bypass those defenses. The challenge and the opportunity now is to find ways to first determine which data is the most valuable, to apply the right level of protection at a level of cost an organization can afford. Hopefully, before a ransomware attack provides an object lesson in data security that is sure to be much more expensive.