Research: Data Breaches Up, Security Spending Priorities Out of Whack

Most companies around the globe feel vulnerable to data threats, and widely so: The rate of data breaches is up, with 61% experiencing a breach in the past (22% within the last year, and 39% in a previous year).

The 2016 Vormetric Data Threat Report found that 91% of organizations are concerned with data security, especially when it comes to its impact on reputation and brand.

However, companies are also misguided when it comes to battling the threat. The report, issued in conjunction with analyst firm 451 Research, also found that organizations continue to equate compliance with security in the belief that meeting compliance requirements will be enough. Nearly two thirds (64%) rated compliance as very or extremely effective at stopping data breaches—up from 58% last year.

This of course runs directly counter to the facts: Data breaches are on the rise even in organizations certified as compliant.

“Compliance does not ensure security,” said Garrett Bekker, senior analyst, enterprise security, at 451 Research and the author of the report. “As we learned from data theft incidents at companies that had reportedly met compliance mandates (such as Anthem, Home Depot and others), being compliant doesn’t necessarily mean you won’t be breached and have your sensitive data stolen.”

Unsurprisingly, investments in IT security controls were also shown to be misplaced. At 46% overall, compliance was also the top selection for setting IT security spending priorities, especially in the healthcare (61%) and financial services (56%) verticals.

Most companies also are heavily focused on perimeter defenses that consistently fail to halt breaches and increasingly sophisticated cyberattacks. About 78% rate network defenses as very or extremely effective at preventing data breaches; 62% also rated endpoint and mobile defenses very or extremely effective for data breach prevention.

Meanwhile, increases in spending on data-at-rest defenses (39%) have declined from last year (47%).

“Organizations are also spending ineffectively to prevent data breaches, with spending increases focused on network and endpoint security technologies that offer little help in defending against multi-stage attacks,” added Bekker. “It’s no longer enough to just secure our networks and endpoints.”

The report also found significant differences in the primary drivers for data security strategies around the world. Compliance requirements were top drivers in the US (54%), Australia (51%) and Germany (47%); but in Japan, requirements from business partners, customers or prospects were the highest priority (50%). Reputation and brand protection were the most important spending drivers in the UK (50%) and Mexico (58%).

“Given the extensive media coverage dedicated to UK firms that suffered data breaches in the past year, it should come as no surprise that reputation and brand protection are now the top drivers for security spending among UK organizations,” said Louise Bulman, regional vice president and general manager, EMEA at Vormetric. “There is absolutely no doubt that businesses today need an urgent rethink on current data security policies as consumers are rapidly losing faith with companies that cannot protect their private information effectively. Proactive steps such as strong encryption should be taken now to ensure the protection of that data even if it falls into the wrong hands.”
