The 2016 Vormetric Data Threat Report was just released and it covers the good, the bad and the ugly. The study is based on a survey conducted during October and November of 2015 and compiles responses from over 1,100 senior security executives from across the globe, including in the U.S., U.K., Germany, Japan, Australia, Brazil and Mexico, covering key segments such as federal government, retail, finance and healthcare.
Let’s start with the good. Well, the pretty good. While 39 percent of respondents indicated their organization has either experienced a data breach or failed a compliance audit due to data security issues in the past year, at least that figure did not change from the prior two years, despite the well-documented spike in cybercrime activity and hack attempts. The report found signs that data security is becoming a significantly higher priority for organizations. While compliance remains a primary reason for investing in data security technologies, reputation is the strongest motivator, and implementing security best practices had the largest gain in importance. And most respondents (58 percent) expect spending on data security to increase, up slightly from last year—another encouraging sign.
Now the bad. More than 90% of respondents still feel vulnerable to both internal and external threats to data, an increase over last year’s 87 percent. Nearly a third categorized their business as “very vulnerable” or “extremely vulnerable.” Complexity was cited as the number-one obstacle to implementing more company-wide data security tools and techniques, with lack of adequate staff to manage those tools following in second on the Excuses, Excuses list. Some 60 percent of organizations surveyed admitted they had been the victim of a data breach at some point in the past.
Here comes the ugly. (Can’t say we didn’t warn you.) Of that group acknowledging a data breach, only 21 percent cited this experience as a reason for investing in how to better secure sensitive data, and only 26 percent cited well-publicized breaches (think Sony, Home Depot or Target) as a corporate motivator for increasing the spend on data security. That means neither personal experience nor the experiences of others are resonating with most decision makers, or driving an acceptable sense of urgency. And remember: two out of five of them either experienced a data breach or failed a compliance audit last year.
But the ugliest fact of all in the report was this: A whopping 57 percent of respondents claimed they only had “some idea,” “little idea,” or “no idea” where their sensitive data is located. That’s truly scary.
Image Source: Vormetric