理解数据安全风险调查报告（2025）

2© Copyright 2025, Cloud Security Alliance. All rights reserved.© 2025 Cloud Security Alliance – All Rights Reserved. You may download, store, display on yourcomputer, view, print, and link to the Cloud Security Alliance athttps://cloudsecurityalliance.orgsubject to the following: (a) the draft may be used solely for your personal, informational, non-commercial use; (b) the draft may not be modified or altered in any way; (c) the draft may not beredistributed; and (d) the trademark, copyright or other notices may not be removed. You may quoteportions of the draft as permitted by the Fair Use provisions of the United States Copyright Act,provided that you attribute the portions to the Cloud Security Alliance. ©2025云安全联盟大中华区版权所有 3 AcknowledgmentsLead AuthorHillary BaronContributorsJosh BukerMarina BregkouRyan GiffordSean HeideAlex KaluzaJohn YeohGraphic DesignClaire LehnertStephen LumpeSpecial ThanksLynne Murray, Krishna Ksheerabdhi, and Brian RobertsonAbout the SponsorToday’s enterprises depend on the cloud, data andsoftware in order to make decisive decisions. That’s whythe most respected brands and largest organizations inthe world rely on Thales to help them protect and secureaccess to their most sensitive information and softwarewherever it is created, shared or stored – from the cloudand data centers to devices and across networks. Asthe global leader in security for a world powered by Applications, Data, Identities, and Software,our solutions enable organizations to move to the cloud securely, achieve compliance withconfidence, create more value from their software and deliver seamless digital experiences formillions of consumers every day. Thales Cybersecurity Products is part of Thales Group. For furtherinformation, visitcpl.thalesgroup.com. 3© Copyright 2025, Cloud Security Alliance. All rights reserved. Table of ContentsAcknowledgments...............................................................................................................................3Lead Author...................................................................................................................................3Contributors..................................................................................................................................3Graphic Design..............................................................................................................................3Special Thanks...............................................................................................................................3About the Sponsor........................................................................................................................3Executive Summary.............................................................................................................................5Key Findings........................................................................................................................................6Gaps in Risk Understanding Limit Effective Risk Management......................................................6Misalignment Between Management and Staff Impacts Risk and Compliance Strategies.............8Existing Tools Struggle to Keep Pace with Evolving Modern Risk Management Needs...............10Regulations and Compliance Drive Risk Reduction but Fall Short on Proactive Data SecurityStrategies.....................................................................................................................................11A Shift Toward Risk-Based Strategies Is Critical..........................................................................12Final Thoughts on the State of Data Security Risk.......................................................................14Full Survey Results.............................................................................................................................15Overview.....................................................................................................................................15Concerns and Challenges............................................................................................................16Risk Evaluation Strategy..............................................................................................................17Risk Management Tools...............................................................................................................20Compliance and Standards..........................................................................................................21Program Strategy and Drivers......................................................................................................21Demographics...................................................................................................................................23Survey Methodology and Creation.............................................................................