In Europe, as in the rest of the world, reports of major security breaches continue unabated, despite global efforts to fight back with increased IT security spending – according to a Data Threat Report.
This suggests that either the attackers are managing to stay a step ahead of cybersecurity efforts – or worse, that the increased funding is not being deployed most effectively to counteract evolving threats and new
Regardless, doing what we have been doing for decades is no longer working. The more relevant question on the minds of IT and business leaders is: “What will it take to stop the breaches?”
The new computing environments that virtually every enterprise is leveraging for digital transformation are as large a component of the problem as evolving threats, or even more so. The benefits of this transformation are substantial, but the many different categories and implementation models being used need specific attention to data security by both type and instance, making the problem of safely using sensitive data within them complex and difficult if the right solutions are not identified and used to meet this need.
Moreover, as readers are no doubt aware, this is also the year when Europe’s General Data Protection Regulation (GDPR), among the most sweeping and comprehensive data privacy/information security regulations ever implemented, begins to be enforced. Combining GDPR with the realities of unabated data breaches, digital transformation and expanding threat
landscapes results in the potential for business disruption and costly penalties as enterprises struggle to adjust.
Digital transformation requires a new data security approach
Digital transformation drives efficiency and scale for existing products and services, while also making possible new business models that drive growth and profitability. Enterprises across Europe are embracing the opportunity by leveraging all that digital technology offers, but can leave the security of their sensitive data at risk in the rush to deployment.
We found that the overall adoption of cloud, big data, IoT, containers, mobile payments and blockchain technologies by enterprises is at very high levels to drive this transformation. Cloud adoption is now universal, creating the new problem of how to securely use and manage multi-cloud deployments.
Big Data usage is now at 97%, and blockchain, mobile payments, and IoT usage are all at more than 90% adoption rates. With 99% of respondents also identifying that their organisations are using sensitive data within these environments these massive rates of adoption make the problem of data security hypercritical.
Not only do each of these environments have unique data security problems, but enterprises must also deal with compliance with GDPR requirements for data security wherever the personal information of EU citizens is deployed.
Data breaches are the new reality
With the enforcement phase of GDPR underway, it’s long been the expectation that enterprises will start to take their data security very seriously. The bad news is that even with this incentive looming reports of data breaches last year were substantially up in Europe. On average, roughly one-third (32%) of European respondents report being breached in the previous year, slightly less than the global average (36%).
This rate is also well below the US (46%), though both the UK (37%) and Germany (33%)
showed sizable increases in the number of those reporting breaches in the past year, up from 22% (UK) and 25% (Germany). Similarly, nearly three-fourths in the Netherlands (74%) and Sweden (78%) have experienced a data breach at any point in the past, well ahead of the global average of 67%.
Another sign that troubled times may be ahead for many enterprises are the rates of failure “in the last year” for data security compliance audits – More than one in three (35%) of respondents polled in European enterprises reported a failed compliance audit in the last year.
Moreover, this level of failure was measured before enforcement began. In every country polled except for the UK, this rate of compliance audit “failure in the last year” was higher than all “failures at another time in the past”, sometimes by more than a four to one ratio. We do not have data to show whether this level of audit failure is a result of preparation to meet the new standards, but let’s hope so for the sake of citizen’s private data.
One other result of this seemingly endless onslaught of successful breaches and failed compliance audits has been elevated feelings of vulnerability to data threats. On average, 41% of European respondents report feeling either ‘very’ or ‘extremely’ vulnerable to data threats, slightly below the global average of 44%. Sweden (50%) and the Netherlands (47%) were notably at the high end, while Germany (36%) and the UK (31%) were somewhat surprisingly at the low end, despite having each
experienced large jumps in breaches from the prior year.
However, our results also show good news as well. IT security budgets are starting to expand to counteract these threats. 72% are increasing their IT security spending, with 27% reporting that IT security spending will be much higher this year.