Cybercriminals Still Have The Upper Hand, Despite Data Protection Regulations

In the modern era, data is almost as important as actual wealth for companies. In every sale, purchase or survey, they look to gather as much customer data as possible. This data is usually used for internal training purposes, customizing products, advertising and delivery channels.

Whether it’s a repeat customer or a one-time transaction, organizations look to store as much data as they can get their hands on. Since a lot of this data also pertains to sensitive customer data, it has given rise to threats that look to misuse such data. #DataIsPrecious

This is where data protection regulations come in, a mandatory practice that has benefited organizations and the way it protects customer data. One such regulation is the globally observed Payment Card Industry Data Security Standard (PCI-DSS) which is set in place for any organization that gathers, stores or makes use of the credit card information of consumers, thereby protecting them.

The European Union has the General Data Protection Regulation (GDPR), which applies to organizations that work within or with companies that collect data of people living in the EU. The GDPR will soon be replaced by the Data Protection and Digital Information Bill in the UK.

While there is no specific data protection legislation in the US, there are laws that are enacted on federal and state levels that are implemented to protect the personal data of US residents. Such regulations have provided important standards to help organizations increase their data protection practices and safeguard sensitive customer data.


However, despite regulation frameworks being in practice and organizations adhering to them, cybercriminals aren’t kept away. In the first half of 2022, there were over 236 million ransomware attacks globally, a number that continued to rise. Reportedly 71% of organizations worldwide were affected by ransomware in 2022. In 2021, there were 623 million ransomware attacks. #NoKidding

Of course, this doesn’t mean that all the attacks were successful but it does highlight a major problem area for organizations in 2023.

According to reports, 76% of organizations in the UK and Ireland said they were victims of at least one ransomware attack in 2022, which resulted in 65% of them switching to cloud services to protect their data.

Another issue is that organizations sometimes do the bare minimum. While this may keep them on the right side of compliance, in the long run, it could prove to be problematic if they become victims of data breaches.

As per a report by Cyber Security Works (CSW), Ivanti, Cyware and Securin, 76% of the vulnerabilities exploited by ransomware groups have been observed between 2010 and 2019.

Another area of interest for ransomware groups is the backup repositories of organizations. In 88% of such ransomware attacks, it was found that 75% were successful. 33% of organizations said that their backup was impacted partially or completely and 22% believe they could have recovered their data without paying if they had employed sufficient data protection.

With the gaps and drawbacks of previous cyber-attacks, some organizations believe a similar situation in the future would be inevitable. Especially given that data protection budgets and measures aren’t increasing at a pace good enough to match accelerating workloads.


Although ransomware groups usually target organizations for their wealth, in 2021, 3700 individuals were affected by ransomware. Reportedly, the number could be higher as some victims don’t report losses, however, it led to $49.2 million stolen from internet users.

The other side of the problem includes cybercriminals making use of the latest AI and machine learning technologies to bypass an organization’s security measures. Essentially, organizations and individuals need to invest more in data protection measures and ensure they are proactive rather than reactive.

What do you think of the current regulations set in place and how do you think organizations can better secure themselves? Let us know in the comments below!