A survey conducted by comforte AG on over 500 IT Security Specialists and Chief Information Officers across the UK, France and Germany highlights the fact that European IT and security leaders are overly confident in their ability to avoid cyber attacks and mitigate the risk of serious data compromise. Comforte AG commissioned Censuswide to conduct the interview, which showed that most organisations have suffered a serious cyber attack in the last two years, with over half of respondents saying their company suffered an attack 1-3 times in this time period. Worryingly, 20% of respondents claim to have been attacked 4-6 times, further highlighting that European IT and security leaders might be complacent when it comes to cyber security.
However, an overwhelming majority of respondents are somewhat or very confident that they’ll avoid an attack in the next couple of years. This apparent lack of concern for enterprise threat prevention, detection, and response capabilities is concerning because it seems to have encouraged complacency over data protection. Three-quarters (76%) of those interviewed admit they’re taking a tick-box approach to GDPR compliance, which involves doing the bare minimum on data privacy and security. Although most (97%) have a contingency plan in place should they get breached, a quarter (26%) have not tested it.
The research also uncovers awareness gaps around data risk. Around two-thirds of respondents say their organisation considers customer (66%) and financial data (63%) to be “risky.” But the figure drops to 60% for employee data, and even further for intellectual property (45%) and health data (28%). In fact, health-related data is classified as “special category” data by the GDPR, which means it requires more protection.
Commenting on the results, Henning Horst, CTO of comforte AG, said: “Data is the number one asset that any organisation holds, and they shouldn’t wait until it’s too late to take action. Our research clearly shows that serious attacks are a matter of when, not if. By deploying data-centric security today, enterprises can mitigate the worst impacts of a potential breach tomorrow and drive digital transformation initiatives forward with confidence.”
Although 87% of respondents said their security budget will likely increase this year, nearly two-thirds (64%) still view data protection as a hurdle to digital transformation, rather than a driver for projects. This perception may be a result of the lack of confidence in the ability to avoid cyber attacks and the lack of attention given to data protection in compliance with GDPR.
The results of this survey demonstrate a serious concern for the European business cyber security industry, and as Henning Horst suggests, organisations should not wait until it’s too late to take action. Cyber security threats are becoming an everyday occurrence, and the consequences of a breach can be dire. Regardless of the nature or scale of the attack, it is certain that protecting sensitive information is of utmost importance. It is essential to ensure that data is protected from such incidents, whether through the deployment of data-centric security, ensuring compliance with GDPR, or by testing contingency plans, to ensure maximum protection against cyber attacks.