Thales has revealed a growing security gap among European businesses – with almost a third (29%) of surveyed enterprises experiencing a breach last year, and only a little more than half (55%) believe their digital transformation deployments are very or extremely secure. These findings are detailed in the 2019 Thales Data Threat Report – Europe Edition with research and analysis from IDC.
Across Europe, more than 84% of organisations are using or planning to use digitally transformative technologies including cloud, big data, mobile payments, social media, containers, blockchain and Internet of Things (IoT). Sensitive data is highly exposed in these environments: in the UK, almost all (97%) of these organisations state they are using this type of data with digital transformation technologies.
“Across Europe, organizations are embracing digital transformative technologies – while advancing their business objectives, this is also leaving sensitive data exposed,” said Sebastien Cano, senior vice president of cloud protection and licensing activity at Thales. “European enterprises surveyed still do not rank data breach prevention as a top IT security spending priority – focusing more broadly on security best practice and brand reputation issues. Yet, data breaches continue to become more prevalent. These organisations need to take a hard look at their encryption and access management strategies in order to secure their digital transformation journey, especially as they transition to the cloud and strive to meet regulatory and compliance mandates.”
Security confidence challenged in digitally transformative environments
However, not everyone is confident of the security of these environments. Across Europe, only a little more than half (55%) claim their digital deployments are very or extremely secure. The UK is the most confident in its levels of security with two thirds (66%) saying they are very or extremely secure. In Germany, confidence is much lower at 49%.
Multi-cloud security remains top challenge
The most common use of sensitive data within digital transformation is in the cloud. Across Europe, 90% of organisations are using, or will use, all cloud environments this year (Software as a Service, Platform as a Service and Infrastructure as a Service). These deployments do not come without concerns, however. The top three security issues for organisations using cloud were ranked as:
-38% - security of data if cloud provider is acquired/fails;
-37% - lack of visibility into security practises; and,
-36% - vulnerabilities from shared infrastructure and security breaches/attacks at the cloud provider.
Businesses are working hard to alleviate these concerns. Over a third (37%) of organisations see encryption of data with service provider managed encryption keys, detailed architecture and security information for IT and physical security, and SLAs in case of a data breach tied as the most important changes needed to address security issues in the cloud.
Compliance is not a security priority
Despite more than 100 new data privacy regulations, including GDPR, affecting almost all (91%) organisations across Europe, compliance is only seen as a top priority for security spend in the UK by 40% of businesses. Interestingly, 20% of UK businesses failed a compliance audit in the last year because of data security issues. When it comes to meeting data privacy regulations, the top two methods named by respondents working to meet strict regulations are encrypting personal data (47%) and tokenising personal data (23%).
“Clearly there is a significant shift to digital transformation technologies and the issues around data held within these cannot be taken lightly,” said Frank Dickson, program vice president for security products research, IDC. “Data privacy regulations have been hot on the agenda over the past 18 months, with so many coming into force. Organisations are now finding themselves considering the cost of becoming compliant against the risk of potential breaches and the subsequent fines.”
Attack levels are highOne of the most jarring findings of the report is that almost two thirds of organisations across Europe (61%) have encountered a data breach at some stage. The UK fares slightly better than the average for Europe with just over half (54%) of organisations saying they have encountered a breach. However, across Europe 29%, of organisations who have faced a data breach did so in the last year; a shocking one in 10 have suffered a data breach both in the last year and at another time.