Data Security Wrapped by Rewind: The biggest industry moments of 2024–and what they mean for 2025

Miriam Saslove | Last updated on December 20, 2024 | 10 minute read

2024 has been a defining year for the data security industry, with breaches costing businesses millions and cyber threats evolving at an unprecedented pace—often so quickly that it can be challenging to keep up.

Enter Data Security Wrapped by Rewind! Not only have we unpacked the top data industry news and takeaways of the year, but we’ve explored how your organization can ensure data resilience in 2025 and beyond. Let’s dive into how businesses can learn from this year’s most noteworthy events, implement strategies to safeguard their SaaS data, and ultimately thrive in the rapidly developing digital landscape.

The cost of complacency: Data breaches in 2024 and their impact

Data breaches have become increasingly prevalent in the last few years, and 2024 was no exception. From multinational corporations to local governments, no organization was safe from cyber threats. While data security events can impact users, operations, reputations, and more, the financial consequences of a data breach cannot be overlooked.

According to IBM’s Cost of a Data Breach Report 2024, the global average cost of a data breach this year was $4.88 million USD—a 10% increase from 2023 (and the highest total in history).

This figure is likely to continue increasing in the coming years. Before we can discuss how to mitigate the risk of a data breach, let’s outline some lessons learned from some of 2024’s significant data security events.

A trip down memory lane: Notable breaches

Widely recognized as one of the largest global IT outages in history, the Crowdstrike-Microsoft incident was also one of the most devastating—with a price tag of roughly $5.4 billion in damages, according to insurance analysts, and an estimated 8.5 million Windows devices affected worldwide.

Other notable data breaches in 2024 included:

  • Ticketmaster: Cybercriminals swiped an alleged 560 million records from the company after gaining unauthorized access to their database in April and May, leading to concerns around Ticketmaster’s security protocols and vulnerabilities. 
  • Change Healthcare: A ransomware attack compromised over 100 million people’s sensitive personal information, making it one of the largest healthcare breaches in history and leading many healthcare providers to consider their overall security strategies. 
  • AT&T: The telecommunications giant confirmed not one, but two separate data breaches just months apart. In July, AT&T said cybercriminals had stolen a cache of data that contained phone numbers and call records of around 110 million people. Earlier in March, a data breach broker shared a full cache of 73 million customer records on a known cybercrime forum.

With the volume of cyberattacks using stolen or compromised credentials growing 71% year-over-year, it’s clear that security threats facing organizations of all sizes are here to stay. How can you build your defense strategy? Start with a strong disaster recovery plan—but more on that later…

Evolving threats: 2024’s cybersecurity challenges

Innovations in the data security industry progress quickly—and so do threats to your data. With global IT spending on cloud services continuing to rise (and predicted to reach over $1 trillion by 2027), it’s imperative that we look back on the challenges faced this past year to better manage risks and future-proof SaaS data in 2025.

Don’t ignore threats lurking in the shadows

Shadow IT has become a significant problem for modern organizations as they rely more on SaaS and cloud applications. With an increasing volume of data being created and stored in these platforms, it’s no surprise that it’s becoming even harder to protect it—especially when software systems are deployed by departments or individuals other than the IT department. In fact, IBM’s Cost of a Data Breach Report 2024 states that 1 in 3 data breaches involved shadow data. 

The threat posed by Shadow IT is even more insidious within the context of human error events, which is difficult to avoid no matter how much you prepare. In Rewind’s 2024 State of SaaS Data and Recovery report, a survey of over 400 IT decision-makers, 84% of respondents said accidental deletion due to human error has caused data loss at their organization, with 49% saying it happened more than once. 

Ransomware and other external attacks continue to be a concern

Data hostage situations can cripple businesses by halting operations—resulting in financial losses and damaging reputations.

Verizon’s 2024 Data Breach Investigation Report showed that roughly 1/3 of all breaches involved ransomware or some other type of extortion technique. These tactics represent 32% of the breaches studied in the report, and ransomware was the top threat across 92% of the industries analyzed.

With the rise of remote work and many organizations still lacking sufficient cybersecurity measures, ransomware has become even more widespread. In fact, according to the Government of Canada’s National Cyber Threat Assessment 2025-2026, ransomware is the top cybercrime threat currently facing Canada’s critical infrastructure.

Artificial intelligence: A growing concern

Today, most conversations around the risks of AI involve data exposure or leakage. AI tools like ChatGPT can quickly teeter from “helpful assistants” to “friendly-looking backdoors into the corporate firewall,” putting your business at risk of accidental disclosure, breach of personal identifiable information (PII), or leaks of passwords and API keys, all of which make an attacker’s job far easier.

The data you send and receive from AI tools is a tempting hiding spot from which attackers can eavesdrop. By typing a question or inserting code into an AI tool’s prompt, you implicitly agree to let the AI process and potentially store that information.

AI is also helping cybercriminals create increasingly convincing phishing attacks. According to IBM’s X-Force Threat Intelligence Index 2024, a human-crafted phishing email takes an average of 16 hours to create, while AI can generate a deceptive phish in 5 minutes. Are you and your team ready and able to recognize these sophisticated attack vectors? With human error remaining a leading cause of data loss, proper training and education is paramount.

Black Friday Cyber Monday 2024: Insights from the year’s biggest shopping weekend

The results are in: Shopify merchants hit a record $11.5 billion in sales over the Black Friday Cyber Monday (BFCM) weekend—up 24% from $9.3 billion in 2023. Over 76 million consumers made a purchase from at least one Shopify-powered brand over the weekend, with an average cart price of $108.56 USD.

What eCommerce merchants need to know going into 2025

Our Black Friday Cyber Monday findings highlight the power of eCommerce—but also the risks. Human errors, CSV import errors, and malicious attacks are all real threats that can derail operations and lead to lost revenue. A study from Juniper Research warns that merchant losses from eCommerce payment fraud could exceed $362 billion between 2023 and 2028.

That’s why preparation is key. Many store owners assume that their eCommerce platform’s built-in protections are enough to prevent catastrophic losses. What they don’t realize is that system-wide disaster recovery of the entire platform isn’t enough to protect your user-generated online store data, which is the merchant’s responsibility

One small mistake or unexpected glitch could cost you thousands in lost sales and damage your brand’s reputation. Don’t leave your eCommerce store vulnerable going into 2025—protect your critical data.

Lessons learned: How industry leaders can mitigate the risk of data loss

2024 was a wake-up call for the world of data security. Breaches, like the ones we’ve outlined above, cost businesses millions, and cyber threats are growing more sophisticated—meaning that the stakes for protecting your SaaS data have never been higher. But what can your organization learn from what’s taken place this year?

Why third-party backups are essential for cloud security

UniSuper, a $135 billion Australian pension fund, faced a Google Cloud account deletion nightmare that affected 640,000 members. Thanks to third-party backups, they fully restored services after two weeks, highlighting the importance of diversified data backup strategies for disaster recovery—even in the face of what most would call the “worst-case scenario.”

At Rewind, we often discuss the Shared Responsibility Model, which clearly outlines that users share the responsibility of protecting their data with the SaaS provider.

The 3-2-1 backup rule never goes out of style

It’s a common problem we see here at Rewind across industries like eCommerce, finance, manufacturing, healthcare, and more: Many organizations don’t realize that it’s their responsibility to maintain extensive backups of their SaaS data. Take the case of Fat Bomb Studios: The video game developer had to delist one of their games from Steam because they didn’t know that a physical backup via hard drive wasn’t enough to keep their code secure. 

Enter: the 3-2-1 backup rule! Here’s the breakdown:

  • 3: Keep three copies of your current data. 
  • 2: That data should be stored in two different locations in the cloud.
  • 1: One of those backup copies should not be with your SaaS provider. 

While some SaaS vendors offer a rudimentary backup offering, that can be likened to backing up your hard drive to your hard drive. Think of it like leaving your car keys in the glove compartment—it’s just not something you would typically do, and not the best possible solution to your problem. Regardless of whether or not the vendor offers native backups, make sure that your backups live outside of the SaaS product itself.

If Fat Bomb Studios had followed the 3-2-1 backup rule, they could have saved their source code and continued to incur revenue from the game.

Compliance concerns are on the rise

2024 also saw a rising interest in compliance and regulatory issues, with companies as large as Google being impacted by inquiries into their data compliance. 

With regulations like GDPR and other data protection laws becoming stricter, companies need to prioritize regulatory compliance—especially those working with AI models. Take a proactive approach to ensure you’re aware of your obligations, like the European Union’s upcoming Digital Operational Resilience Act (DORA), which is scheduled to go into effect in January 2025. DORA allows financial entities to handle digital disruptions, better manage their ICT risks, report on incidents, and more. Don’t forget that strong DORA compliance strategy includes SaaS backups.

Financial entities aren’t the only ones with compliance obligations: Healthcare organizations shouldn’t ignore the importance of working with HIPAA-compliant vendors. According to an analysis of records from the Department of Health and Human Services’ Office for Civil Rights by STAT, as many as 172 million individuals (more than half the population of the United States) may have been impacted by large health data breaches in 2024. 

With a HIPAA-compliant backup solution, healthcare organizations can securely protect and restore critical data, ensuring adherence to regulatory standards and avoiding disruptions to patient care. 

Looking ahead to 2025: Building data security resilience

According to Cybersecurity Ventures, the global annual cost of cybercrime is predicted to reach $10.5 trillion USD in 2025—so it’s no surprise that data breaches have been the subject of many headlines this year.

With worrisome threats looming, increasing cloud migration, and millions of users’ data being exposed every day, we understand feeling stressed about the state of cybersecurity. Have no fear, you can take action today to mitigate these concerns! By taking a proactive approach to data protection, you’ll be able to quickly recover from data loss incidents and future-proof your SaaS data—ultimately strengthening your organization’s resilience against threats and disasters.

By 2028, 75% of enterprises will prioritize backup of SaaS applications as a critical requirement, compared to 15% in 2024, according to Gartner. Don’t get left behind! Here’s what organizations can do today as they look to build a more robust data protection strategy:

Here’s to keeping even more data safe in 2025 and beyond with the power of automated backups.


Profile picture of <a class=Miriam Saslove">
Miriam Saslove
Miriam Saslove is a chronically online storyteller based in Montreal. She loves books, concerts, coffee, and helping brands foster engagement and awareness through impactful multi-channel content. Also puns.