Content

Thales Data Threat Report: Increased security spend – in the wrong place

Some 78 percent of organisations polled The Thales 2018 Data Threat Report plan on increasing their IT security spending in 2018, up from 73 percent globally in 2017, and including nearly 86 percent of US organisations.


But most are ramping up expenditure on things that are the least effective in securing data, while spending less on security approaches that are deemed most effective.


For example, perceived effectiveness of securing data at rest, at 77 percent, was rated as exceeding network security at 75 percent.  Meanwhile endpoint security was last in terms of effectiveness. But perversely, endpoint has the highest planned spending globally at 57 percent - compared to spending on security at rest which came bottom at 40 percent.


The report also notes how in the past years, compliance has been the main driver of setting security spending priorities, this year, at 37 percent, compliance was overtaken by fear of financial penalties from data breaches, with 39 percent putting ‘avoidance of financial penalties' as the top concern, though GDPR and  PSD2, plus APPI changes in Japan will have an impact in the year ahead..


Further bad news is that successful breaches have reached an all-time high for both mid-sized and enterprise class organisations, with more than two thirds (67 percent) of global organisations and nearly three fourths (71 percent) in the US having been breached at some point in the past.


Other findings include 71 percent of enterprises already gathering data for IoT initiatives with security concerns a major impediment to deployment.


SaaS is the new tech most likely to house sensitive data (45 percent globally)

Use of containers is growing 40 percent annually, expected to reach US$ 2.7 billion (£1.9 billion) by 2020.


Blockchain is expected to disrupt virtually all business models and industries globally, incking Public Key Infrastructure and identity management. Complexity, or the perception that data security is complex, remains the top barrier to implementing effective data security says the report, at 43 percent globally.


More than twice as many respondents chose encryption as the top means of ensuring compliance and privacy compared to number two choice, tokenisation.


Multi-cloud strategies are increasingly adopted, with 84 percent globally choosing more than one IaaS vendor, and 34 percent using more than 50 SaaS applications. Thales' report, aimed at answering the question,“What will it take to stop the breaches?”  is based on research surveying 1,200+ senior executives from across the globe, including respondents from key regional markets such as the US, UK, Germany, Japan, Sweden, the Netherlands, Korea and India. Whilst all 1,200 have some influence in data security decision-making, more than one third (34 percent) have major influence on these decisions and nearly half (46 percent) have sole authority in decision making.


In this year's report, India, Korea, Sweden and the Netherlands replaced responses from countries such as Australia, Brazil and Mexico. However, the US, UK, Germany and Japan have been a part of the two prior reports with 800 respondents data being included.


As with Thales' previous reports, the base questions from the previous year are still included, however, several new questions are added that are centered around the new technologies that firms are using to drive their digital transformation. Specifically, the new questions this year (of which there are five) centre around the prevalence of multi-cloud adoption, securing Big Data environments, the security impact of machine learning and AI, mobile payments and blockchain. In summary, Thales have tried to keep comparative consistency from year to year, while at the same time permitting the report to evolve.


Also listen to Thales' upcoming Webinar on SC Media UK

Is it safe? How to embrace Cloud efficiency without compromising data security

Enabling digital transformation strategies to embrace Cloud efficiency and data security

22 March, 2pm GMT Add to Calendar
SIGN UP TO WATCH






Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.