There’s a growing cyber-security gap among European businesses – with almost a third (29pc) of surveyed enterprises experiencing a breach last year, and only a little more than half (55pc) believe their digital transformation deployments are very or extremely secure. These findings are detailed in the 2019 Thales Data Threat Report – Europe Edition with research and analysis from IDC.
Across Europe, more than 84pc of organisations are using or planning to use digitally transformative technologies including cloud, big data, mobile payments, social media, containers, blockchain and Internet of Things (IoT). In the UK, almost all (97pc) of these organisations state they are using this type of data with digital transformation technologies.
Sebastien Cano, senior vice president of cloud protection and licensing activity at Thales said: “Across Europe, organisations are embracing digital transformative technologies – while advancing their business objectives, this is also leaving sensitive data exposed. European enterprises surveyed still do not rank data breach prevention as a top IT security spending priority – focusing more broadly on security best practice and brand reputation issues. Yet, data breaches continue to become more prevalent. These organisations need to take a hard look at their encryption and access management strategies in order to secure their digital transformation journey, especially as they transition to the cloud and strive to meet regulatory and compliance mandates.”
However, not everyone is confident of the security. Across Europe, only a little more than half (55pc) claim their digital deployments are very or extremely secure. The UK is the most confident in its levels of security with two thirds (66pc) saying they are very or extremely secure. In Germany, confidence is much lower at 49pc.
Multi-cloud security
The most common use of sensitive data within digital transformation is in the cloud. Across Europe, 90pc of organisations are using, or will use, all cloud environments this year (Software as a Service, Platform as a Service and Infrastructure as a Service). These deployments do not come without concerns, however. The top three security issues for organisations using cloud were ranked as:
38pc – security of data if cloud provider is acquired/fails;
37pc – lack of visibility into security practises; and,
36pc – vulnerabilities from shared infrastructure and security breaches/attacks at the cloud provider.
Businesses are working to alleviate these concerns. Over a third (37pc) of organisations see encryption of data with service provider managed encryption keys, detailed architecture and security information for IT and physical security, and SLAs in case of a data breach tied as the most important changes needed to address security issues in the cloud.
Compliance
Despite more than 100 new data privacy regulations, including GDPR, affecting almost all (91pc) organisations across Europe, compliance is only seen as a top priority for security spend in the UK by 40pc of businesses. A minority, 20pc of UK businesses failed a compliance audit in the last year because of data security issues. When it comes to meeting data privacy regulations, the top two methods named by respondents working to meet strict regulations are encrypting personal data (47pc) and tokenising personal data (23pc).
Frank Dickson, program vice president for security products research, IDC said: “Clearly there is a significant shift to digital transformation technologies and the issues around data held within these cannot be taken lightly. Data privacy regulations have been hot on the agenda over the past 18 months, with so many coming into force. Organisations are now finding themselves considering the cost of becoming compliant against the risk of potential breaches and the subsequent fines.”
One of the most jarring findings; almost two thirds of organisations across Europe (61pc) have encountered a data breach at some stage. The UK fares slightly better than the average for Europe with just over half (54pc) saying they have encountered a breach. However, across Europe 29pc, of organisations who have faced a data breach did so in the last year; a tenth have suffered a data breach both in the last year and at another time.
