Thales has revealed a growing security gap among European businesses, with almost a third (29%) of surveyed enterprises experiencing a breach last year and only a little more than half (55%) believing their digital transformation deployments to be either very or extremely secure. These findings are detailed in the 2019 Thales Data Threat Report (Europe Edition) which is complete with research and analysis from IDC.
Across Europe, more than 84% of organisations are using (or planning to use) digitally transformative technologies including cloud, Big Data, mobile payments, social media, containers, blockchain and the Internet of Things (IoT). Sensitive data is highly exposed in these environments. Here in the UK, almost all (97%) of these organisations state that they’re using this type of data with digital transformation technologies.
“Across Europe, organisations are embracing digital transformative technologies while also advancing their business objectives, but this is also leaving sensitive data exposed,” said Sebastien Cano, senior vice-president of cloud protection and licensing activity at Thales. “European enterprises surveyed still don’t rank data breach prevention as a top IT security spending priority, focusing more broadly on security Best Practice and brand reputation issues. Yet data breaches continue to become more prevalent. These organisations need to take a hard look at their encryption and access management strategies in order to secure their digital transformation journey, and especially so as they transition to the cloud and strive to meet regulatory and compliance mandates.”
However, not everyone is confident of the security of these environments. Across Europe, only a little more than half (55%) claim their digital deployments are very or extremely secure. The UK is the most confident in its levels of security, with two-thirds (66%) of respondents saying they’re either very or extremely secure. In Germany, confidence is much lower at 49%.
The most common use of sensitive data within digital transformation is in the cloud. Across Europe, 90% of organisations are using – or will use – all cloud environments this year (Software-as-a-Service, Platform-as-a-Service and Infrastructure-as-a-Service). These deployments don’t come without concerns, though.
Indeed, the Top Three security issues for organisations using cloud are ranked as:
*38%: Security of data if the cloud provider is acquired/fails
*37%: Lack of visibility into security practises
*36%: Vulnerabilities from shared infrastructure and security breaches/attacks at the cloud provider
Businesses are working hard to alleviate these concerns. Over a third (37%) of organisations see encryption of data with service provider managed encryption keys, detailed architecture and security information for IT and physical security and Service Level Agreements in case of a data breach tied as the most important changes needed to address security issues in the cloud.
Compliance: Not a security priority
Despite more than 100 new data privacy regulations – including the EU’s new General Data Protection Regulation – affecting almost all (91%) organisations across Europe, compliance is only seen as a top priority for security spend in the UK by 40% of businesses.
Interestingly, 20% of UK businesses failed a compliance audit in the last year because of data security issues. When it comes to meeting data privacy regulations, the top two methods named by respondents working to meet strict regulations are encrypting personal data (47%) and ‘tokenising’ personal data (23%).
“Clearly, there’s a significant shift to digital transformation technologies and the issues around data held within these cannot be taken lightly,” said Frank Dickson, programme vice-president for security products research at IDC. “Data privacy regulations have been hot on the agenda over the past 18 months, with so many coming into force. Organisations are now finding themselves considering the cost of becoming compliant against the risk of potential breaches and the subsequent fines.”
Attack levels high
One of the most jarring findings of the new report is that almost two-thirds of organisations across Europe (61%, in fact) have encountered a data breach at some stage. The UK fares slightly better than the average for Europe with just over half (54%) of organisations saying they’ve encountered a breach.
However, across Europe 29% of organisations who’ve faced a data breach did so in the last year. A shocking one in every ten has suffered a data breach both in the last year and at another time.
*For more key findings download a copy of the 2019 Thales Data Threat Report (Europe Edition)
**Thales will also be hosting a webinar on Thursday 13 June at 3.00 pm BT about ‘The State of Data Security in Europe’. To join the event visit the registration page