Thales eSecurity Blog

Announcing Our 2016 European Data Threat Report

Tina Stewart
Tina Stewart | VP of Market Strategy More About This Author >

Euro feeling vulnerableBack in 2014, we released results from our European Insider Threat Report. The Report took the pulse of 500 IT decision-makers at mid and large size organizations in the UK, France and Germany. At the time, it found that only 9% of businesses felt safe from insider threats, with nearly half of UK based respondents (42 percent) acknowledging it is “privileged users” (system administrators, database administrators, network administrators, etc.) posing the biggest risk to their organization.

Today, we announced findings from our 2016 European Data Threat Report (DTR). After all, much has changed in the past two years. Edward Snowden’s mischief has been usurped by a steady stream of breaches wreaking havoc on a litany of organizations – and damaging their financial, legal and brand reputations (see: VTech and TalkTalk). Safe Harbor has been struck down, and the General Data Protection Regulation (GDPR), which puts in place strict punishments should organizations fail to comply with security regulations, has passed and is in implementation. Additionally, we’ve seen the explosive growth of emerging technologies like Big Data, cloud computing and the Internet of Things (IoT).

Click To Tweet:    UK IT security pros worry about their data @socialtis #2016DataThreat bit.ly/1WLchYb

With this rapidly evolving landscape in mind, our 2016 survey took a deeper and more expansive look at overall data security and data protection concerns. Topics probed include attitudes towards compliance; encryption rationales; data security adoption barriers; spending priorities; perceived insider and external threats; and of course, comfort levels with IoT, cloud and big data security.

We encourage you to read the full report, which you may find here . In the meantime, here’s a snapshot of some of our compelling findings:

UK + Compliance=A Bit of Good Old British Skepticism

Just 61% of respondents in the UK cite compliance as “very” or “extremely” effective, ahead of only Japan at 33% and Mexico at 57%. Meanwhile, 67% of German respondents view compliance requirements as either “very” or “extremely” effective in preventing data breaches, ahead of the global average of 64% and trailing only Brazil (83%) and Australia (68%). Interestingly, German organizations are also more likely than most regions to have failed a compliance audit at some point in the past (36%).

Your Reputation Precedes You, Sir

When asked to pick the three most important reasons for securing sensitive data, the top answers are “reputation and brand protection” (given by 50 percent of UK organizations), “compliance requirements” (given by 47 percent) and “implementing best security practices”, given by 41 percent. It makes sense; organizations live and die by their reputations.

Data Security Adoption: It’s Complicated

“Complexity” was identified as the number one barrier to adopting data security more widely for both the UK and Germany, though by a much wider margin for Germany (71%) compared to the UK (56%) and the global average (57%).

We believe some of this has to do with holdover skepticism. Data security solutions have been perceived as being difficult to install and maintain for decades now. The good thing? Technology evolves. It gets better, faster and more efficient. So, we expect this attitude to change, with the caveat that it may take some time.

Not Just Your Average Joe

When it comes to insider risks to sensitive data, Germany and the UK aren’t exactly on the same page. While both countries identify privileged insiders as the number one threat (in line with the global average of 58%), Germany is more concerned about the threat from ordinary employees (45% vs. 33% globally) than any other nation except Japan (also 45%).

There is a meeting of the minds on external threats, however. Cyber-criminals hold the number one spot in both Germany and the UK, with 84% and 81% of respondents, respectively, slightly ahead of the global average (79%).

IoT: In the Toddler Stage

Aside from Japan (17%), the UK has among the lowest plans to store sensitive data in IoT environments (25% vs. 33% global average), while Germany is only slightly less conservative (30%). Given the low storage priority, it’s perhaps unsurprising that the IoT is also well down the list for both nations when it comes to the most risky locations for storing sensitive data, ranking seventh in Germany and tenth in the UK.

We posit the current IoT security concerns largely reflect the IoT’s early stage of adoption. But, you should expect to see these numbers dramatically change in the coming years.

What’s the Sentiment Across the Pond?

For the most part, data security and protection sentiments are fairly aligned in Europe and the U.S. (as usual, we’re more similar than we are different!) For example, results from our 2016 global DTR show spending intentions reflect a tendency to stick with what has worked – or not worked – in the past, such as network and endpoint security.  This holds true across the board.

That said, there are some interesting differences. For example, 46% of U.S respondents consider executives to be the second most dangerous insider threat, behind privileged users (63%). Respondents are considerably more trusting of executives in the UK and Germany.

Want more like this? Well, guess you’re going to have to check out the report! Before you make haste to our DTR landing page, some parting thoughts:

  • Doing more of the same won’t help us achieve an improved security posture – whether it be in Europe, the U.S. or Latin America.
  • While we encourage increased adoption of encryption and other data security techniques, organizations would be wise to select solutions that are cost effective, simpler to use and require less manpower to deploy, operate and maintain. It’s in the best interest of all.
  • On top of encryption, organizations should explore new security analytics techniques that provide a greater degree of visibility into potentially compromised resources.

Expect more on this in the coming months….