Few respondents to a CyberRisk Alliance Business Intelligence survey said they were confident in their organizations' ability to protect data against a breach or loss. ("Man holding a USB drive in hand. Handing over top secret data" by Ivan Radic is marked with CC BY 2.0.)

IT and security leaders lack confidence that their organizations can properly protect data against a breach, despite substantial investments in data loss prevention technology.

Indeed, new research from CyberRisk Alliance Business Intelligence found that 61% of those surveyed have data loss prevention (DLP) technology deployed, and another 50% believe their organizations are “very likely” to invest in enterprise DLP solutions in the next 12 months. The top driver for investing in enterprise DLP is identification of sensitive or regulated data, with 51% of respondents describing that as “very important.”

Nearly half said that protection of remote workers, regulatory compliance, and acceleration of incident response and investigation are also “very important” drivers. Management of insider threats and a unified console for control and visibility across data loss channels are also important factors behind investment.

The survey, based on 251 online interviews of IT and cybersecurity decision-makers, also revealed that despite this investment in DLP, few respondents are fully confident in their organizations’ ability to protect data against a breach or loss. Fewer than one-third of U.S. respondents and fewer than one-quarter of European respondents are “very confident” in this ability.

Click here to download the full report, "Legacy DLP Crumbles in the Cloud."

One main reason for the lack of confidence: Roughly 80% of all respondents’ organizations have experienced at least one security incident — a breach or leak arising from compromised, malicious or unintentional causes — in the past 12 months. More than one-third of U.S. respondents say their organization has experienced at least three data breach/data leak incidents in the past year, compared with 22% of Europeans.

And nearly 50% of respondents said the number of breaches/losses increased at their organization in 2021 compared with 2020. More than half (53%) of all U.S. respondents reported that the number of breaches increased in the past year, compared with 40% of Europeans.

Data breaches present wide-ranging consequences, but the most significant impacts are loss of customers and customer trust (49%), loss of brand value and reputation (45%), and financial losses (44%). These were relatively consistent across regions, although U.S. respondents were slightly more likely to have been affected by regulatory fines and penalties.

To counteract these consequences respondents say enterprise DLP platforms are the solution of choice for 28% of the group, followed by hybrid solutions — a mix of on-premises and cloud-based technologies (25%) and multiple DLP tools offered by different vendors to handle various data loss channels (21%). Europe (14%) is significantly more likely than the U.S. (4%) to use manual solutions for DLP.

Most respondents are well-versed in insider threat management: 75% are either very familiar with this strategy or have already adopted it. U.S. respondents are significantly more likely than Europeans to be very familiar with insider threat management: 72% versus 56%.

And even though respondents consider the cloud to be one of the riskiest data loss channels, they are less likely to include cloud threat prevention and remote user/cloud application access controls in data security strategies than other components, such as DLP, identity management, and insider threat management. In a sign that zero trust has gained growing acceptance in the market, slightly more than one-third (35%) of respondents include zero trust in their strategies.

Other significant findings in the CRA report, which was sponsored by Proofpoint:

  • Nearly all respondents have some type of DLP solution, with enter­prise platforms and hybrid solutions (in which DLP is partly handled by a managed service provider) most common. In addition, most respondents are familiar with or have adopted insider threat manage­ment (significantly more so in the U.S.).
  • DLP, identity management, and insider-threat management are the most common components of data security strategies. Such strate­gies are less likely to include cloud threat prevention and remote user/ cloud application access controls.
  • Respondents look for numerous capabilities in data protection solu­tions, but the most important are data encryption, DLP, and regu­latory compliance. However, slightly less than half of respondents consider their DLP solution to be very effective in these three areas.
  • While most respondents are “very” or “some­what likely” to invest in DLP in the next 12 months, investment intention varies considerably between the U.S., where 56% of respondents said their organizations are very likely to make an enterprise DLP platform investment, and Europe, where only 29% anticipate that investment.