Yesterday, comforte AG released the findings of a survey conducted on over 500 IT Security Specialists and Chief Information Officers across the UK, France and Germany. The research revealed that European IT and security leaders may be dangerously over-confident in their ability to avoid cyberattacks and mitigate the risk of serious data compromise.
comforte AG commissioned Censuswide to conduct the interview.
The findings reveal that most organisations have suffered a serious cyberattack in the last two years. with over half of respondents saying their company suffered an attack 1-3 times in this time period. Worryingly, 20% of respondents claim to have been attacked 4-6 times. Only 18% managed to avoid an attack altogether. However, an overwhelming majority of respondents are somewhat or very confident that they’ll avoid an attack in the next couple of years.
This apparent over-confidence in enterprise threat prevention, detection and response capabilities is doubly concerning because it seems to have encouraged complacency over data protection.
Three-quarters (76%) of those interviewed admit they’re taking a tick-box approach to GDPR compliance, which involves doing the bare minimum on data privacy and security. And although most (97%) have a contingency plan in place should they get breached, a quarter (26%) have not tested it.
The research also uncovers awareness gaps around data risk.
Around two-thirds of respondents say their organisation considers customer (66%) and financial data (63%) to be “risky.” But the figure drops to 60% for employee data, and even further for intellectual property (45%) and health data (28%).
In fact, health-related data is classified as “special category” data by the GDPR, meaning it requires more protection.
Henning Horst, CTO of comforte AG adds: “Data is the number one asset that any organisation holds, and they shouldn’t wait until it’s too late to take action. Our research clearly shows that serious attacks are a matter of when, not if. By deploying data-centric security today, enterprises can mitigate the worst impacts of a potential breach tomorrow, and drive digital transformation initiatives forward with confidence.”
Although 87% of respondents say their security budget will likely increase this year, nearly two-thirds (64%) still view data protection as a hurdle to digital transformation, rather than a driver for projects.