Thales eSecurity Blog

The state of European cybersecurity and lessons to learn

Kai Zobel
Kai Zobel | Senior Director More About This Author >

As one of our recent blogs discussed, we are entering a new era of business – one that will see wholesale digital transformation drive a digital-first approach by businesses globally. And as our 2019 Thales Data Threat Report – Europe Edition recently revealed, many of these businesses become extremely vulnerable during digital transformation, with those in Europe being no different.

Yet, the importance of securing an organisation’s data is not a new phenomenon; nor is awareness of the issue among senior decision-makers in a business. So, as the nature of data threats evolve and pressure on the boardroom grows to tighten up cyber resilience, what has changed? Why is this more ‘mission critical’ than ever, and what key mistakes are still being made in the boardroom?

We gathered a group of experts together in central London, along with media, for a lively debate over these issues – in the context of this year’s report findings. And as the discussion moved along, four overarching themes emerged.

The state of European cybersecurity and lessons to learn

Caption: Moderated by seasoned technology journalist Stephen Pritchard, the panel featured: Kai Zobel, senior director at Thales; Jason Hart, cybersecurity evangelist at Thales; James Ware, security solutions architect at KT Secure; Dr Robert Nowill, chairman of Cyber Security Challenge UK

Data-driven business

Businesses are creating and collecting so much data today, that the notion of data being ‘the new oil’ almost seems an understatement. Organisations are still getting to grips with what all the data even means, or can be used for – so it’s no surprise they are still making mistakes when it comes to securing the data.

Bridging this gap will be vital as we move into an era of automation and orienting almost every business decision around ‘what the data says’. Making matters worse, it isn’t always immediately obvious when data has been compromised – picture a future where corporate criminals access and manipulate information without detection, leading a business to make fundamentally misguided decisions weeks, months or years later. The financial and reputational damage could prove to be severe.

Encryption, encryption, encryption

Today’s threat mix is evolving, with businesses increasingly fearful of external threats like cyber-criminals, cyber-terrorists and ‘hacktivists’, rather than internal ones. As these threats evolve, this is no longer an issue the boardroom can ignore. Despite this, many of the fundamentals of cyber-resilience remain the same and businesses still aren’t getting to grips with the basics.

Encryption is one clear example of how organisations can be doing more with those fundamentals: as this recap of the event highlights, encryption remains core to building cyber-resilience and a core weakness in cyber-security efforts across the board. Only 27% of European organisations encrypt their data, leaving the door wide open to the likes of cyber-criminals and hacktivists. These organisations need to take a hard look at their encryption and access management strategies, as they transition to the cloud and strive to meet regulatory and compliance mandates.

The GDPR effect

The General Data Protegtion Regulation (GDPR) has been a watershed moment for data privacy, and will continue to drive change as non-European regions consider similar approaches. A year since the new rules came into force, it is unsurprising to see a heavy emphasis on security-related compliance; around 40% of UK businesses prioritise compliance in their security spend, as one example.

However, to truly realise the benefits of digital transformation without putting the business at greater risk, these organisations must take a view that is longer-term and beyond ‘just good enough’ security. These organisations mustn’t fall into a trap of thinking that ticking the box on GDPR compliance means their data is private and secure.

Overconfidence and the skills gap

European businesses are increasingly at risk of cyberattacks if security attitudes don’t change. The report found that UK businesses, for example, are especially over-confident: over half (54%) of UK businesses have now been breached at some stage, yet only 24% feel vulnerable to data security threats – compared with 34% globally. It came as no surprise last week, then, to see a UK Government report suggest that the country is more vulnerable to cyber attacks than ever before.

As the panel discussed the boardroom’s approach and the challenge that lies ahead, the conversation turned to skills. The current ‘skills gap’ in cyber-security is only likely to grow, and as Dr Nowill explained, the issue is too often left to government and the public sector to address. The lack of education on cyber-security, he suggested, is widespread – meaning the private sector can also play a critical role in improving understanding of the fundamentals, from today’s C-suite to the next generation of cybersecurity leaders.

To find out more about Europe’s evolving data threats, download the 2019 Thales Data Threat Report – Europe Edition today.