
This is a story about data.

How much we have right now, how much we're going to have, and how it will impact our ability to protect our data.

How it hurts us and how it can help us navigate an uncertain future.

We also wanted to take you along on our journey. You'll be asked to make a number of choices about your data. That way we can navigate this uncertain future together.


So let's start at the beginning with the most important question:

Do you care about data and how to protect it?

The Choice Is Yours

You're going on a journey. How do you want to do it?

You can observe or you can explore. Driver or Shotgun? Either way is good with us. You're welcome to scroll through and get what you came for. There'll be plenty to see. But wouldn't it be more fun to navigate the future of data security first-hand? The choice is yours, but it will affect how you experience the rest of this journey!

(Don't sweat this too much. We'll help guide you, and—unlike the actual choices you'll have to make in the future—you'll be able to go back, make another choice, and see different outcomes.)



Understanding Risk

Quick Thinking and Quicksand

Before we dive into your data journey, here's a little primer on how we make decisions. Some pro tips, if you will, for the choices you'll make in the future.



Humans are inherently optimistic.

We have to be. If we truly had to face the amount of hardship in today's world, many of us would never get out of bed. We need optimism to survive.

But that same optimism can also blind us to important realities.



Somewhere in the back of our minds, we know every time we hop in a car we're taking a risk. In fact, insurance companies plan for the average driver to be in a car accident

Still, almost all of us overestimate our ability to beat the odds.
We… Text, Dial, Eat, Talk, Read, Groom… all while driving.

We know something bad could happen.
We're just counting on it not happening to us, not today.


2007 financial crisis

Our optimism also applies to how we see things in larger groups. In 2007, the signs of the impending global economic crisis were available to see. Some did. Most of the foremost experts either didn't see or discounted these important signals.

Somewhat ironically, organizations often approach cybersecurity—a topic notorious for its association with fear, uncertainty, and doubt—with more optimism than you might think.



This spring's Rubrik Zero Labs report revealed that 99 percent of IT and security leaders were made aware of at least one attack in 2022 with an average of 52 occurrences worked. These same leaders guide teams and are often under-resourced and ill-prepared to address and recover from those same attacks.

Organizations know they might be attacked. But they hold onto a certain amount of “but not us, not today” optimism.

That Gut Feeling

Every time we hop into a car, sign a mortgage agreement, or arrive at any of the other 35,000 big and small decisions we're estimated to make every day, we take a calculated risk.

According to researchers, this risk evaluation happens in one of two ways:

intuition or analysis

Economists and psychologists debate the usefulness and accuracy of each kind of thinking, but generally, intuition is great for quick decisions with little effort, and analysis helps us with more complicated decisions, albeit more slowly and with more effort.

Both types of thinking are subject to error, but intuitive thinking is considered less accurate. However, accuracy in certain kinds of intuitive thinking can be improved by experience. That's why skilled emergency personnel can “sense” danger even before it happens.


We already know organizations are optimistic, at least in their actions, when it comes to cybersecurity.


How does it look from an individual perspective? Let's say, your perspective.




Is your current data growth outpacing your organization's ability to secure this data and manage risk?




How likely is it that people inside your organization are accessing data in violation of your data policies?



Here's how IT and security leaders feel about their ability to manage risk.


believe their data growth has already outpaced their ability to secure data and manage risk.


of external organizations believe employees are accessing data in violation of established data policies.


There's a clear disconnect between how organizations behave and how their experts feel about their data security approach.


Does this same disparity exist in the hard data? Are these experts canaries in a coalmine or is this intuition run wild?


Let's find out!




Current Data Realities

Today's Trail

Let's switch our thinking from intuition to analysis. Hard data with concrete takeaways. Without analysis we're nothing but Vibe Merchants.


In order to protect data, you need to understand where it is, how much exists, and if it's critical.

So, let's start there.



But first, since you're exploring this journey with us, we have a quick question for you.


How much data is in your environment?

Don't know your EB's from your BEPB's?

Here's the typical data volume in your industry/region

[Chart: Total BETB Avg, Jul 23]

And here's how that compares to the global average:

[Chart: Total BETB Avg, Jul 23]

What do you think?

Now that you know how much data similar organizations have in their environments, how confident are you in your answer? Did you over- or, more likely, underestimate?

The global average data volume is...

Now let's compare all industries and regions:

[Chart: Total BETB Avg, Jul 23]


A typical APAC organization has about 60% less data volume than a similar organization in EMEA or the Americas.



Three Rubrik-protected organizations contain more than a petabyte of backend data storage.

The highest number of Rubrik-protected virtual machines in a single organization to date is 250,000+ VMs.


IT and security teams have been thinking about the growing influx of data for a while.


'The Petabyte Age'

Wired Magazine declares the beginning of "The Petabyte Age."1


Former Google VP Marissa Mayer notes three big changes to internet data—real-time data, unprecedented processing power, and new kinds of data. She says user-generated data alone is growing at 15x, which is faster than Moore's Law.2


Data industry reporting indicates emerging CRM pushes will lead to more data about organizations, a growing number of "Internet of Things" devices will exponentially raise data levels, and pending database improvements will expand data use cases.3


Discussions center around a data “tipping point” resulting from data moving from analog to digitized and increasing "sensor" data.4


Analysts argue social media, mobile, and web advertising will drive a "big data explosion."5


IBM estimates that poor quality data costs US businesses $3.1 trillion annually.6

How we got here

We've been worrying about data for as long as it's been around. But we ain't seen nothing yet. Let's look at how we got to this spot.


[Chart: Total BETB Avg]



Rubrik Zero Labs analyzed growth patterns from Jan 2022 through July 2023.

[Chart: Total BETB Avg]



Data Predictions

Looking at The Horizon

Now let's look forward instead of backward. Rubrik Zero Labs applied the data growth trends and extrapolated to find what organizations are likely to see in the future.


[Chart: Total BETB Avg]


Nobody really knows how much data we'll have in the next five years.

We've regularly outpaced data-growth predictions.

Fairness in advertising: This truth applies to Rubrik Zero Labs as well. Our previous research, based on data solely from 2022, indicated a 25% data growth rate. But if we extrapolate other areas based on today's growth rate … It's about to get real.


Sensitive Data Changes

Pack Only the Essentials For the Journey

You can see how much cargo you're scheduled to carry on this trip, but does the load need to be this heavy?

We care about almost all of our data, but some matters more. For example, no one really cares if a desktop folder full of past blogs is compromised. But things like ID numbers, health records, and business plans … We care a bit more about those.

But first, a quick question.


How many sensitive data records are in your environment?

On average, organizations like yours have this much data...

[Chart: Sensitive Data Files Avg, Jul 23]

Here's the global average...

[Chart: Sensitive Data Files Avg, Jul 23]

A typical organization has

24.8 million

sensitive data records

If we step back, there's significant variation.
Here's all industries and regions:

[Chart: Sensitive Data Files Avg, Jul 23]

Less than 4% of external organizations have a dedicated sensitive data storage location.

of external organizations store sensitive data in multiple locations across cloud, on-premises, and SaaS environments.

Time to see the projected growth of sensitive data you'll have to manage


[Chart: Sensitive Data Files Avg]


Shifting Hybrid Environments

It's not just about how much data you have.
It's also about where that data lives.


[Chart: Sensitive Data Files Avg RT]


An important trend for the next five years is the dynamic nature of hybrid environments (a mix of on-premises, cloud, and SaaS). Every indication points to hybrid remaining the dominant environment type, but the ratios will dramatically shift. Cloud will easily surpass on-premises as the preferred storage medium. SaaS will experience the highest growth rate over the next five years and, for perspective, will equate to what organizations conduct in the cloud today.


Data Security Evaluation

Here There Be Monsters

Here There Be Monsters was a phrase written on maps to indicate uncharted waters or suspected treacherous areas.


OK, so there's a lot of data to secure and we're shifting where it lives. How are we doing when it comes to securing our data today?

Let's use Data Security Scores for some data-driven ground truth.


A typical organization has a data security score of:


Here's how the future will look based on analyzing these trends and vectors.


[Chart: Data Security Score Avg]


We've examined several data security trends over time. Here's how data security scores project when we incorporate every noted trend and vector.


Now that we've done the analysis, how did it match your intuition? Were you optimistic about the future? If so, are you still?


Data loss realities

So far, we've used intuition and analysis to look at data as a whole. What about threats to this same data?

Let's flip back to intuition and hear from your peers.




Did your organization experience a material loss of sensitive information in the past 12 months?


More than half of all external organizations experienced a material loss of sensitive information in the last year.


of external organizations experienced a material loss of sensitive information last year


Approximately 1 of every 6 external organizations experienced multiple material losses of sensitive data in 2022.


Data Types Compromised in External Organizations Last Year




The Road Less Traveled

We might not be great at predicting our futures. But now we have a guidepost to use in charting a new path.

Next, let's examine some fundamental, proven methods to improve data security. These may sound basic. That's because they are. But they also happen to work really well. Don't trust us—we'll show you.

Let's do a quick vibe check before we go too far.



Does your organization's existing data policy meet your needs?



Who is responsible for securing data at your organization today?




of external organizations have an appointed single senior executive responsible for data and its security.


The vast majority of external organizations believe they currently have significant data visibility challenges.

Rubrik Zero Labs
Top Three Recommendations

If an organization implemented a 20% reduction of last year's total data, multiple risk reduction measures improve immediately. Data reduction could include removing sensitive data with no user access in the last year, finding and deleting duplicate data copies, or removing data in user shares for employees/clients/partners who left in the last year. This also applies to duplicative data across different data stores in a single enterprise.

Examples can include setting cloud growth to no more than 50% of the environment total, deleting data based on set policies, limiting total number of storage locations to less than four across all of the organization's environment, or only placing sensitive data in one enclave.
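An added example, not part of the Rubrik Zero Labs report: one way to turn the data-reduction categories and the example limits in the two recommendations above into checks over a storage inventory. The inventory rows, field names, and the reading of the cloud limit as a share of total bytes are assumptions made for illustration.

```python
from collections import namedtuple
from datetime import date, timedelta

# Constructed inventory; every path, location, hash and size is illustrative.
Row = namedtuple("Row", "path location kind digest size accessed sensitive owner_active")
INVENTORY = [
    Row("hr/ids.csv", "onprem-nas", "onprem", "a1", 400, date(2022, 3, 1), True, True),
    Row("hr/ids-copy.csv", "s3-archive", "cloud", "a1", 400, date(2023, 6, 1), True, True),
    Row("plans/2024.docx", "s3-archive", "cloud", "b2", 300, date(2023, 7, 1), True, True),
    Row("shares/jdoe/x.zip", "onprem-nas", "onprem", "c3", 200, date(2023, 5, 1), False, False),
    Row("blog/old.md", "m365", "saas", "d4", 100, date(2023, 7, 10), False, True),
    Row("crm/export.csv", "gdrive", "saas", "e5", 600, date(2023, 7, 12), True, True),
    Row("finance/old-tax.pdf", "onprem-nas", "onprem", "f6", 500, date(2021, 1, 1), True, True),
]

def reduction_candidates(rows, today):
    """Return {path: reason} for rows in one of the reduction categories."""
    cutoff, kept, out = today - timedelta(days=365), {}, {}
    # Visit newest access first so the most recently used copy of a hash is kept.
    for r in sorted(rows, key=lambda r: r.accessed, reverse=True):
        if r.digest in kept:
            out[r.path] = f"duplicate of {kept[r.digest]}"
        elif r.sensitive and r.accessed < cutoff:
            out[r.path] = "sensitive, no access in the last year"
        elif not r.owner_active:
            out[r.path] = "share of a departed user"
        kept.setdefault(r.digest, r.path)
    return out

def reduction_ratio(rows, candidates):
    """Fraction of total bytes the candidates represent (report target: 0.20)."""
    return sum(r.size for r in rows if r.path in candidates) / sum(r.size for r in rows)

def policy_violations(rows):
    """Check the example limits: cloud share, location count, sensitive enclave."""
    total = sum(r.size for r in rows)
    cloud = sum(r.size for r in rows if r.kind == "cloud")
    locations = {r.location for r in rows}
    enclaves = {r.location for r in rows if r.sensitive}
    found = []
    if cloud / total > 0.50:  # assumption: limit read as share of total bytes
        found.append("cloud above 50% of environment")
    if len(locations) >= 4:   # page: fewer than four storage locations
        found.append(f"{len(locations)} storage locations")
    if len(enclaves) > 1:     # page: sensitive data in one enclave only
        found.append(f"sensitive data in {len(enclaves)} locations")
    return found
```

On the constructed inventory the candidates cover 44% of stored bytes, above the 20% figure, while the location and enclave checks both fail.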

A named responsible owner, expected policies, and practice/enforcement of organizational best practices will all produce profound positive impacts and shared responsibility.

Applied Recommendations

Let's see what happens if these changes were implemented today.



We can already see demonstrable shifts based on these recommendations. Let's get nuts and compare all of them at the same time for a comprehensive view:







We started this journey by saying humans are inherently optimistic. After this trip together, we're optimistic you have a more actionable understanding of your data and whether or not you've been looking at it through rose-colored glasses.


But is optimism so wrong?

Yes and no.


Number of organisations that experienced an attack last year

Number of organisations that experienced a material loss of sensitive information


If 99 percent of organizations experienced an attack last year and more than half admit to having a material loss of sensitive information in the last 12 months, the numbers are clearly against you. No right-minded IT or security professional would step into this fray without a certain level of optimism. It's a good thing we're optimistic because we need all hands on deck to tackle the challenges ahead.

But as we've seen, optimism, taken too far, can have dire consequences.


If you take away anything from this report, we hope it's this:





Rubrik would like to end this journey by expressing our sincere gratitude to those responsible for bringing this work to light. Wakefield Research provided data to make this research as objective as possible. Shaped By, yet again, found an incredible way to take an idea and bring it to life. Finally, many Rubrikans worked hard to provide capability, context, and guidance. It's impossible to thank them all, however we'd like to extend our appreciation to Amanda "Danger" O'Callaghan, Linda Nguyen, Ben Long, Lynda Hall, Ajay Kumar Gaddam, Ryan Goss, Derek Morefield, Josh Burns, Gunakar Goswami, Prasath Mani, Ethan Hagan, Kevin Nguyen, Caleb Tolin, Kelly Cooper, and Olivia Howard.
