The Most Significant Milestone Comes at a High Cost
The digital shift to hybrid environments is one of the most important advancements in modern business. However, according to Rubrik’s latest “State of Data Security in 2025” report, this progress comes with a steep price: an unprecedented rise in cyber threats affecting nearly every organization on the planet. Not surprisingly, this finding from the report leads the accompanying press release – 90% of global IT and security executives reported cyberattacks in the past year. Innovation has a cost, and it seems to be coming at a price higher than most anticipated. From ransomware to data sprawl, human error, or malicious action, there’s a lot to be worried about.
Cyberattacks Are Everyone’s Problem
Cyberattacks are no longer isolated events. They are constant, widespread, and increasingly destructive. Nearly one in five companies experienced over 25 cyber incidents in 2024, that’s about one every other week.
Attack methods are evolving rapidly. Identity-based threats now make up the majority of attacks, while malware-free intrusions and social engineering tactics allow attackers to bypass traditional defenses. These changes mark a dangerous turn, indicating that no one is safe, regardless of size or sector.
Ransomware: A Costly and Growing Threat
Guess what! Ransomware remains a top concern. Among companies that experienced ransomware attacks, almost all, 86% paid. But, even more concerning, 74% said their backup systems were compromised, with 35% reporting complete failure.
These figures suggest that not only are attacks more frequent, they’re more effective. And attackers are becoming more organized and faster. In 2024, the average breakout time dropped to just 48 minutes.
Data Sprawl and Complexity Increase the Risk
The explosion of cloud and SaaS services has made data security harder than ever. Ninety percent of companies now manage hybrid environments, and nearly all use multiple cloud platforms. As data spreads across these systems, controlling it becomes harder.
IT leaders cite three main issues:
- Difficulty securing sensitive data across environments (35%)
- Lack of centralized management (30%)
- Limited visibility over cloud data (29%)
Rubrik’s telemetry reveals that 36% of sensitive cloud files, including personal and business-critical data, are high-risk.
The Human Factor: Identity and Insider Threats
Who are you? With most companies using multiple platforms, managing identity and access is a growing struggle. Of note, the worst sort of human error, the insider threats, often involving compromised credentials, account for 28% of incidents. Attackers frequently exploit poor identity controls to move laterally across systems.
Rubrik’s findings show that 27% of high-risk data contains digital identifiers like usernames and API keys, which are prime targets for attackers looking to hijack identities.
The Cost of Inaction
The impact of cyberattacks is severe. Forty percent of companies report increased security costs. Thirty-seven percent suffer reputational damage, while 33% experienced leadership changes after a breach. This cost is hard to put a number to, but trust and leadership are tough things to replace. These outcomes show how deeply security failures cut into an organization’s core.
Recommendations from Rubrik’s Report
1. Regain Control of Data Start by identifying and classifying sensitive data. Understand where it is and what it’s worth. Personal, business, and financial data should be prioritized for protection.
2. Establish Clear Policies Organizations need enforceable data access and storage policies, particularly in hybrid environments. Restrict downloads on unsecured networks and define clear consequences for violations.
3. Automate Security Processes Manual systems are too slow and error-prone. Automation helps security teams manage backups, detect threats, and respond to incidents in real time.
4. Secure Backup Strategies Cloud and SaaS data must be backed up just as rigorously as on-premises data. Do not rely solely on native cloud tools. Include air-gapped copies and tested disaster recovery plans.
5. Prioritize Zero Trust Assume no device or user is safe, a step to addressing human error. A Zero Trust approach, though complex, is essential in distributed environments.
Conclusion: A Crisis Demands Urgent Action
We say it and hear it to the point of ad nauseam. Like so much other work in this space, the Rubrik report makes it clear, but it clearly needs repeating: the cybersecurity crisis is everyone’s problem. It’s a beat we keep hearing. Everyone needs to step up their cybersecurity game. As companies embrace the flexibility of hybrid environments, they must also face the growing threat landscape head-on.
Cyber resilience requires more than tools. It demands strategy, visibility, and a culture that values data as a critical asset. Organizations must act now—before attackers act again.
