Data Security Wrapped 2024 (Plus: New HIPAA Requirements For Healthcare Orgs To Safeguard Patient Data, A Chrome Hack, & More)

2024 was a defining year for the data security industry, with breaches costing businesses millions and cyber threats evolving at an unprecedented pace—often so quickly that it was  challenging to keep up.

Enter Data Security Wrapped by Rewind! Not only did we unpack the top data industry news and takeaways of the year, but we explored how your organization can ensure data resilience in 2025 and beyond.

Top highlights from Data Security Wrapped:

• According to IBM’s Cost of a Data Breach Report 2024, the global average cost of a data breach in 2024 was $4.88 million USD—a 10% increase from 2023 (and the highest total in history). This figure is likely to continue increasing in the coming years.
• Shadow IT has become a significant problem for modern organizations as they rely more on SaaS and cloud applications. In fact, 1 in 3 data breaches last year involved shadow data. 
• With the rise of remote work and many organizations still lacking sufficient cybersecurity measures, ransomware has become even more widespread. In fact, ransomware is the top cybercrime threat currently facing Canada’s critical infrastructure.
• AI tools like ChatGPT pose significant risks, including data exposure and accidental disclosure. They also aid cybercriminals in creating convincing phishing attacks in minutes.
• Black Friday and Cyber Monday revenue results highlighted the power of eCommerce—but also its risks. Human errors, CSV import errors, and malicious attacks are all real threats that can derail business operations and lead to lost revenue. The impact of these dangers continues to be staggering: Merchant losses from eCommerce payment fraud could exceed $362 billion between 2023 and 2028.
• 2024 also saw a rising interest in compliance and regulatory issues, with companies as large as Google being impacted by inquiries into their data compliance. With new regulations like DORA coming into effect this month, and others like GDPR becoming stricter, companies need to prioritize regulatory compliance—especially those working with AI models. 

There’s a lot more where this came from! Unwrap the intel you need to protect your critical SaaS data and your organization in 2025.

What’s the lesson here?

According to Cybersecurity Ventures, the global annual cost of cybercrime is predicted to reach $10.5 trillion USD in 2025—so it’s no surprise that data breaches have been the subject of many headlines this year. It’s normal to feel stressed about the state of cybersecurity, but there are actions you can take today to mitigate these concerns. Try learning about the Shared Responsibility Model, running simulations like tabletop tests, or working with your key third-party suppliers to better understand their disaster recovery strategies and how they impact your business.

By 2028, 75% of enterprises will prioritize backup of SaaS applications as a critical requirement, compared to 15% in 2024, according to Gartner. Don’t get left behind! 

What other topics are trending?

• New HIPAA rules mandate 72-hour data restoration and annual compliance audits: To address increasing cybersecurity threats to the healthcare sector, the United States Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has proposed new HIPAA requirements for healthcare orgs with an aim to improve the security of patient health data. The proposal to update the HIPAA Security Rule is part of a broader initiative to bolster the cybersecurity of critical infrastructure.
• US Treasury Department breached through remote support platform: Chinese state-sponsored threat actors hacked the U.S. Treasury Department after breaching a remote support platform used by the federal agency.
• Volkswagen leak exposed precise location data on thousands of vehicles across Europe for months: Volkswagen Group’s troubled automotive software unit, Cariad, left terabytes of customer data on around 800,000 electric Audi, Seat, Skoda, and Volkswagen vehicles exposed to the internet for months. Cariad fixed the bug that led to the exposure, and said that it has no evidence to suggest anyone other than the security researchers had access to the exposed data. 

The Soapbox: Online conversations you don’t want to miss

Featuring insights from our Co-Founder & CTO, James Ciesielski.

Emerging threats & vulnerabilities to prepare for in 2025

James’ take? Innovations in the data security landscape progress quickly—and so do threats to your data. With global IT spending on cloud services predicted to reach over $1 trillion by 2027, risks like human error, shadow IT, and artificial intelligence will only become more impactful. One of the most rapidly evolving threats is ransomware, especially in the healthcare sector, where patient data is extremely valuable and needs to be managed with a high level of care.

Join the conversation on Reddit.

Dozens of Chrome extensions hacked, exposing millions of users to data theft

James’ take? This story should be a wake-up call for anyone who downloads and installs Chrome extensions. While they can be helpful tools, many organizations are in the dark about what extensions users have installed, leaving their critical data exposed on a larger scale than they may think. With phishing schemes posing a persistent threat, it’s even more important to remain vigilant and informed about potential attack vectors.

Join the conversation on X.

Industry events and recaps

Watch the recording! Safeguarding GitHub data 

How safe is your GitHub data from breaches and accidental deletions? Discover how to protect your GitHub data from threats by watching our on-demand webinar featuring experts from W3C and Rewind. You’ll learn about the Shared Responsibility Model and what it means for your business. Plus, you’ll get valuable insights on why internally built backup systems fall short and why it’s time to consider a third-party backup and recovery solution. 

Watch now!

Subscribe to Retro for more!

Like what you read? Subscribe to Retro so you don’t miss any of our industry’s top stories and conversations.