European businesses signal ‘growing security gap’ amid mass digital transformation

Thales has revealed a growing security gap among European businesses, with almost a third (29%) of surveyed enterprises experiencing a breach last year and only a little more than half (55%) believing their digital transformation deployments to be either very or extremely secure. These findings are detailed in the 2019 Thales Data Threat Report (Europe Edition) which is complete with research and analysis from IDC.

Across Europe, more than 84% of organisations are using (or planning to use) digitally transformative technologies including cloud, Big Data, mobile payments, social media, containers, blockchain and the Internet of Things (IoT). Sensitive data is highly exposed in these environments. Here in the UK, almost all (97%) of these organisations state that they’re using this type of data with digital transformation technologies.

“Across Europe, organisations are embracing digital transformative technologies while also advancing their business objectives, but this is also leaving sensitive data exposed,” said Sebastien Cano, senior vice-president of cloud protection and licensing activity at Thales. “European enterprises surveyed still don’t rank data breach prevention as a top IT security spending priority, focusing more broadly on security Best Practice and brand reputation issues. Yet data breaches continue to become more prevalent. These organisations need to take a hard look at their encryption and access management strategies in order to secure their digital transformation journey, and especially so as they transition to the cloud and strive to meet regulatory and compliance mandates.”

However, not everyone is confident of the security of these environments. Across Europe, only a little more than half (55%) claim their digital deployments are very or extremely secure. The UK is the most confident in its levels of security, with two-thirds (66%) of respondents saying they’re either very or extremely secure. In Germany, confidence is much lower at 49%. 

Multi-cloud security

The most common use of sensitive data within digital transformation is in the cloud. Across Europe, 90% of organisations are using – or will use – all cloud environments this year (Software-as-a-Service, Platform-as-a-Service and Infrastructure-as-a-Service). These deployments don’t come without concerns, though.

Indeed, the Top Three security issues for organisations using cloud are ranked as:

*38%: Security of data if the cloud provider is acquired/fails

*37%: Lack of visibility into security practises

*36%: Vulnerabilities from shared infrastructure and security breaches/attacks at the cloud provider

Businesses are working hard to alleviate these concerns. Over a third (37%) of organisations see encryption of data with service provider managed encryption keys, detailed architecture and security information for IT and physical security and Service Level Agreements in case of a data breach tied as the most important changes needed to address security issues in the cloud.

Compliance: Not a security priority

Despite more than 100 new data privacy regulations – including the EU’s new General Data Protection Regulation – affecting almost all (91%) organisations across Europe, compliance is only seen as a top priority for security spend in the UK by 40% of businesses.

Interestingly, 20% of UK businesses failed a compliance audit in the last year because of data security issues. When it comes to meeting data privacy regulations, the top two methods named by respondents working to meet strict regulations are encrypting personal data (47%) and ‘tokenising’ personal data (23%).

“Clearly, there’s a significant shift to digital transformation technologies and the issues around data held within these cannot be taken lightly,” said Frank Dickson, programme vice-president for security products research at IDC. “Data privacy regulations have been hot on the agenda over the past 18 months, with so many coming into force. Organisations are now finding themselves considering the cost of becoming compliant against the risk of potential breaches and the subsequent fines.”

Attack levels high

One of the most jarring findings of the new report is that almost two-thirds of organisations across Europe (61%, in fact) have encountered a data breach at some stage. The UK fares slightly better than the average for Europe with just over half (54%) of organisations saying they’ve encountered a breach.

However, across Europe 29% of organisations who’ve faced a data breach did so in the last year. A shocking one in every ten has suffered a data breach both in the last year and at another time.

*For more key findings download a copy of the 2019 Thales Data Threat Report (Europe Edition)

**Thales will also be hosting a webinar on Thursday 13 June at 3.00 pm BT about ‘The State of Data Security in Europe’. To join the event visit the registration page

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts