AI enhancements to common threats (such as malware and phishing) and newly developed attacks generated by AI tools are among the top threats for IT data security professionals going into the year 2025. These insights made up some of the key findings of GetApp’s 2024 Data Security report, which surveyed 4,000 participants in 11 countries, 500 of whom were in the USA.*
Data security and effective data governance are integral to company operations and reputation. Consequently, CISOs must continually evolve their strategies to deal with the latest threats. As cyberattacks become more potent with AI assistance, it’s essential to reprioritize efforts against data security threats in the coming year. However, getting up to speed to fight these threats without facing any software vulnerabilities can be challenging. In this article, we share key strategies to boost security and detail four vital recommendations.
AI-enhanced attacks are the top threat for 37% of U.S. IT professionals handling data protection for 2025
60% of IT data professionals globally identify AI-enhanced malware as the most concerning AI-generated threat for the next 12 months
54% in the U.S. have suffered data breaches in 2024, below the global average of 62%.
56% of data breaches in the U.S. were caused by software vulnerabilities
Threat detection and monitoring is an ongoing task for IT security and data security professionals. However, keeping on top of threat intelligence can be a challenge as cyberattacks adapt and evolve, and 2024 has been no exception.
According to our participants, AI-enhanced attacks are the biggest security-related risk factor for this year and going into 2025. This ranked ahead of advanced versions of more established issues such as phishing, ransomware, cloud security issues, and supply chain attacks.
Cloud storage systems offer big benefits for small and midsize businesses, allowing them to scale with resources that would be harder to replicate in-house. Despite this, cloud-based vulnerabilities are among the top worries for our American sample, and these concerns about data security within the cloud could cause hesitance in adopting these systems.
GetApp’s guide to mitigating the security risks of cloud computing details important steps to making cloud systems more secure. These include introducing processes such as vulnerability testing for potential risks such as DDoS attacks, configuring systems to permit strong access controls, and creating stronger data policies to help firms secure their data.
In some ways this finding will come as little surprise as the topic of AI-based cyberattacks has been running throughout 2024, as has the rise of easily accessible generative AI technology. [1] The fact that AI has enhanced concerns around security is reflected in our latest findings, where malware and phishing have topped the charts in the U.S. compared to the global average.
Another emerging risk noted in our global and local samples is AI's potential to create entirely new forms of attacks. In both cases, over half (51%) expressed concern about AI-generated deepfake attacks going into 2025. There are also worries about the ability of artificial intelligence to poison machine learning data or help attackers access injection vulnerability points.
While AI is the core concern for the year ahead, professionals are still noting high numbers of more conventional attacks, such as phishing and ransomware. These continue to disrupt businesses, exposing them to thousands of dollars in lost revenue.
Phishing remains common, with 87% of participants saying they or others in their organization had received a phishing email in the past 12 months. More worrying still, 74% of that group reported that they or someone else in the business had subsequently clicked on malicious links within the email.
Ransomware cases in 2024 also affected a significant proportion of the U.S. sample. In total, 44% worked in an organization targeted by one or more system-locking attacks aimed at stealing data to extort money from companies. On a positive note, this was below the numbers seen in our global average of 52%, suggesting companies are weathering these threats effectively.
However, the consequences of attacks are still dire, with 43% of firms hit by ransomware stings resorting to paying a ransom. For a proportion (36%), it was possible to recover from the attack and decrypt the data without paying.
Unfortunately, just as many ransomware victims (36%) lost data in the attack that was never recovered. This includes 2% that had no backups and simply had to accept the permanent data loss without engaging with the hackers. These cases underscore the importance of developing strong ransomware defenses.
A data breach whereby company data is exposed, lost or stolen during a cyberattack is a major threat to business stability. This can be especially harmful to companies if clients are subject to identity theft as a result, and these infractions potentially incur huge fines from the FTC if not dealt with correctly. [2]
In a positive sign, data breaches appear to be on the decline in the U.S., with 54% of IT data professionals saying their company was hit by one or more data breaches in the last 12 months. This compares well against a global average of 62%.
Nevertheless, while better than global averages, over half of U.S. companies reported a form of data breach over the last year, demonstrating the importance of businesses staying the course to uphold security standards for information. As seen in the graph below, there are many ways breaches can occur, but not all of them involve bad actors or malicious intent.
As a solution to the trend of increasing data breaches, a number of major software companies are signing up to the guidelines set by the Cybersecurity and Infrastructure Security Agency’s (CISA) Secure by Design Pledge.
Among the practices this entails is a vulnerability disclosure policy, which makes it easier for public security researchers to report issues to software creators. It also fosters a commitment to more frequent security updates and to overhauling easily exploited settings such as default passwords or a lack of multi-factor authentication (MFA). [3]
Based on the findings above, American data security seems slightly more stable in 2024. To ensure that this continues, we’ve leveraged our data to highlight four important tips that can be used to ensure continued security and stability for firms into 2025.
It’s vital to ensure basic protections are covered before worrying about more advanced protection considerations. For example, our sample data's three most used security tools are antivirus, network security, and firewalls, which will surprise very few people.
While these tools are well-established and fairly encompassing, it is important to use security software with features that make it more adept at dealing with upcoming threats. This may mean using a program with robust malware detection tools and one that also updates its software frequently to address the threat of AI-powered malware and other emerging issues more directly.
With AI attacks looking to represent a major challenge in the coming months, it’s important to make sure data security protocols are safely in place. As seen in our findings, 39% of data breaches occurred due to an improperly configured database or errors in the system. This makes regular checks of system integrity a priority.
The need to review overall data security also represented the biggest priority for over half (53%) globally. This makes sense, especially in situations where vulnerabilities can become wider due to the existence of AI-generated cyberthreats.
It also goes without saying that data security professionals should implement a decent level of encryption. While most forms of artificial intelligence, such as deep learning, don’t have the capacity to break encryption, AI-powered attacks can make stolen data riskier. [4] Using common encryption methods is a small step to preventing data from being misused if the worst happens.
Cybersecurity protection tools offer a good level of defense against data thieves and cyber attackers. However, these tools aren’t foolproof, and sometimes threats slip through the cracks. Therefore, it is vital to create a level of preparedness within an organization to spot attacks.
Our data showed that 76% of workers belong to businesses that simulate phishing attacks, above the global average of 70%. These exercises can enhance email security by promoting awareness of the signs of social engineering attacks before they can do any damage. This practice can also identify the extent to which extra cybersecurity awareness training should be conducted across an enterprise.
Multi-factor authentication can be a game-changer in preventing an attack. It multiplies the opportunities to thwart a potential attack and prevent a data breach or takeover of a system by a hacker. Therefore, it was no surprise that 51% of IT and data professionals surveyed said that their companies use MFA for all applications, compared with a global average of 44%.
This appears to be helping companies avoid some of the worst impacts of a cyberattack compared to others abroad. Interestingly, American respondents appear to prefer MFA options that authenticate access via a passcode received on a mobile device or by email, or found on a dedicated authentication app. Biometrics appear to be considerably less popular by comparison.
These findings may have been compounded by worries about the risks of AI breaking the defense of biometrics. In GetApp’s 2024 Executive Cybersecurity survey, for example, we observed high fears in the U.S. about the potential for biometrics to be compromised by AI-generated fraud.
The picture for data security at the end of 2024 into 2025 has some positive notes. However, that can all be lost if complacency sets in. The cybersecurity infrastructure is always changing, and the growth of AI tools means the nature of threats is evolving fast.
It is important that companies review and, where necessary, enhance their security coverage and ensure data is properly protected. This will help create the best chance of avoiding looming threats in 2025.
To study the bigger picture of artificial intelligence in cybersecurity in more detail, the second part of our analysis of GetApp’s Data Security Survey examines how AI is an opportunity as much as a risk. This can help businesses plan ways to incorporate it into their cybersecurity infrastructure and make their network monitoring more secure.
*GetApp’s 2024 Data Security Survey was conducted online in August 2024 among 4,000 respondents in Australia (n=350), Brazil (n=350), Canada (n=350), France (n=350), India (n=350), Italy (n=350), Japan (n=350), Mexico (n=350), Spain (n=350), the U.K. (n=350), and the U.S. (n=500) to learn more about data security practices at businesses around the world. Respondents were screened for full-time employment in an IT role with responsibility for, or full knowledge of, their company's data security measures.
[1] AI makes it easier for anyone to become a cybercriminal, top official says, Axios
[2] Equifax Data Breach Settlement, Federal Trade Commission (FTC)
[4] Could Deep Learning be used to crack encryption?, GeeksforGeeks
David Jani