Rubrik Zero Labs is excited to debut its second State of Data Security report: “The State of Data Security: The Hard Truths.” This in-depth global study is the first public use of Rubrik telemetry data to provide objective data security insights. Rubrik data is complemented by an extensive third-party study conducted by Wakefield Research, which provides a deeper look into the challenges IT and security decision-makers face, the impacts of these challenges, and possible solutions. Wakefield Research surveyed more than 1,600 senior IT and cybersecurity leaders, more than half at the CIO and CISO level. In addition, Rubrik Zero Labs also included key analysis and perspectives from four other top cybersecurity organizations in this report to provide a holistic and comprehensive view on the current security landscape.




This new report is the next publication from Rubrik Zero Labs team, Rubrik’s dedicated threat research unit. Rubrik Zero Labs was created with the goal of giving a voice to and providing real-world solutions for the individuals on the front lines of cybersecurity and providing organizations with the latest threats to data security insights. As part of Rubrik’s mission to secure the world’s data, Rubrik Zero Labs partners with IT and security leaders to analyze the global threat landscape, report on emerging data security issues, and help reduce the impact of cyber threats with Rubrik’s data security platform.



The report provides an important lens into the realities organizations grapple with in their quest to secure their data. Rubrik Zero Labs identified the following using Rubrik telemetry data:

  • A typical organization needs to secure over 227 backend terabytes, traditionally spread across a mix of on-premises, cloud, and SaaS. For perspective, this equates to approximately 330 billion Microsoft Word files.

  • In 2022, data grew more than 25% in a typical organization across the board, with SaaS data growing at an astounding 236%

  • If this data growth rate continues, the data volume an organization must secure will triple in the next five years and require more than 545 backend terabytes of storage as a result

  • A typical organization stores more than 24 million sensitive data records–this volume will max out any financial penalty on record if compromised (see more on HIPAA, GDPR, and PPII)

  • According to Wakefield research, only 54% of organizations tested their backup and recovery solutions in 2022 with 52% having created or refined data recovery orchestrations

Data grew more than 25% in 2022 and will triple in the next five years at this growth rate

These data security realities are coupled with significant and very real threats facing global organizations. Our third party research found: 

  • Nearly every (99%) IT and cybersecurity leader surveyed was aware of a cyberattack in the last year on their organization, with the average being 52 attacks per organization in 2022.

  • 93% of these same leaders reported attackers attempted to manipulate their data backups during an intrusion last year with more than 73% being successful in these attempts to some degree

  • 72% of external organizations with a ransomware intrusion reported paying a ransom previously with more than 71% considering their organization likely to consider paying a ransom in 2023

  • For organizations that paid a ransom, 45% recovered half or less of their data from the attackers

  • According to Rubrik data in 2022, 48% of customers were targets of a likely ransomware intrusion event

99% of IT and Security leaders were made aware of a cyberattack in 2022 with an average of 52 cyberattacks per organization per year – or nearly one per week 

The combination of a complex data security reality and a high-pressure threat landscape are producing profound impacts for teams and people. Our third party research uncovered that:

  • 93% of organizations that dealt with a cyberattack suffered some level of negative business impact as a result ranging from revenue and customer loss to reputational damage

  • Four out of every ten organizations (42%) experienced a leadership change in the last year as a direct result of a cyberattack

  • 98% of survey respondents reported significant a personal emotional or psychological impact in the last year due to these cyber events

  • 96% of organizations are concerned they are unable to maintain business continuity if they experience a cyberattack in the next year

  • More than a third of IT and Security leaders (39%) feel their board and/or executive leadership have little to no confidence in their organization’s ability to recover critical data and applications

  • Nearly half (47%) of IT and Security leaders believe their 2023 cybersecurity budget is insufficient

93% of organizations who dealt with a cyberattack in 2022 encountered negative business impacts, including 42% being forced to change leadership as a direct result

Despite many operational and threat-based challenges, Rubrik Zero Labs research uncovered data that provides a sense of hope for the future. Importantly, we found, organizations are improving their data security across 2022.

  • Intrusions can present positive opportunities. Organizations that are unfortunately intrusion targets or victims can survive and thrive through malicious efforts can capitalize on opportunities to improve their cyber resiliency. 

  • According to third party research, of organizations that experienced a cyberattack in 2022, 99% implemented new actions, including increased spending on cybersecurity and an increase of staffing on IT and security teams . In addition, 48% of these organizations changed vendors or partner relationships to improve their security.

  • Threat attempts do not equal compromises for prepared organizations. Rubrik telemetry data identified anomalous activity in 75% of customers in 2022 requiring additional research. Nearly half (48%) of customers encountered some form of ransomware precursor activity. Only 15% of these same customers dealt with an encryption event in their environment and less than .004% of their Rubrik secured data was impacted by encryption events. Organizations that prioritized cyber resiliency found they significantly mitigated negative repercussions and impact of the threat landscape on their operations.

Intrusions provide improvement opportunities with more than 99% of cyberattack victims in 2022 implementing improvements

  • Organizations are improving their data security posture across their organization. Rubrik saw the typical data security score for customers rise 16% last year. Rubrik provides this score to organizations based on technical evaluations for platform security, data protection, ransomware investigations, and sensitive data discovery. This improvement applied across every industry and region. While significant challenges remain and cyber criminals continue to evolve and innovate, we believe it's important to note positive improvements and actions organizations are actively implementing to be more prepared and cyber resilient for potential upcoming cyber incidents that could arise.

Rubrik observed a 16% improvement in data security across 2022 with positive trends in every industry and region

While the data security threat landscape can seem daunting and overwhelming, organizations are finding demonstrable ways to improve and conduct their best work. To learn about emerging data security issues and how to help combat global cyber threats, read the full report on Rubrik Zero Labs. You can also hear more about how to make your organization more resilient against cyberattacks at Rubrik Forward–register here!

*Report Methodology

Rubrik telemetry is derived from customer metadata from more than 5,000+ customers in 57 countries spanning January 1, 2022 to December 31, 2022.

The third party global survey was commissioned by Rubrik and conducted by Wakefield Research among 1,625 IT and Security decision makers (Directors, VPs, CIOs and CISOs) at companies of 500 or more employees. The research was conducted in the US, UK, France, Germany, Italy, Netherlands, Japan, Australia, Singapore, and India, between February 01-22, 2023.

Rubrik received advanced permission from four cybersecurity organizations to utilize specific datapoints covering 01 January, 2022 through 31 December, 2022. We would like to extend our thanks and appreciation to these organizations:

  • Expel: Ransomware precursor activity and growth of public cloud intrusions

  • Mandiant: Use of median global dwell times and percentage of engagements for ransomware

  • Palo Alto Networks Unit 42: 2022 ransomware demands

  • Permiso: Illicit credential use in cloud intrusions and associated credential privilege levels