As digital transformation efforts increase, so to does the security gap.
European businesses signal a ‘growing security gap’ amid mass digital transformation efforts, but confidence in UK security remains high.
Across Europe, 55% claim their digital deployments are very or extremely secure, while the UK is the most confident in its levels of security with two thirds (66%) saying they are very or extremely secure. In Germany, confidence is much lower at 49%, according to Thales’ latest report.
Digital transformation: a security challenge?
In Europe, more than 84% of organisations are using or planning to use digitally transformative technologies including cloud, big data, mobile payments, social media, containers, blockchain and Internet of Things (IoT). This is a promising sign. However, sensitive data is highly exposed in these environments: in the UK, for example, almost all (97%) of these organisations state they are using this type of data with digital transformation technologies.
“Across Europe, organisations are embracing digital transformative technologies — while advancing their business objectives, this is also leaving sensitive data exposed,” said Sebastien Cano, senior vice president of cloud protection and licensing activity at Thales.
“European enterprises surveyed still do not rank data breach prevention as a top IT security spending priority — focusing more broadly on security best practice and brand reputation issues. Yet, data breaches continue to become more prevalent. These organisations need to take a hard look at their encryption and access management strategies in order to secure their digital transformation journey, especially as they transition to the cloud and strive to meet regulatory and compliance mandates.”
Multi-cloud security remains top challenge
The most common use of sensitive data within digital transformation is in the cloud.
Within Europe, 90% of organisations are using, or will use, all cloud environments this year (Software-as-a-Service, Platform-as-a-Service and Infrastructure-as-a-Service).
These deployments do not come without concerns — the top three security issues for organisations using cloud were ranked as:
• 38% — security of data if cloud provider is acquired/fails;
• 37% — lack of visibility into security practises; and,
• 36% — vulnerabilities from shared infrastructure and security breaches/attacks at the cloud provider.
According to Thales, businesses are working hard to alleviate these concerns.
Over a third (37%) of organisations see encryption of data with service provider managed encryption keys, detailed architecture and security information for IT and physical security, and SLAs in case of a data breach tied as the most important changes needed to address security issues in the cloud.
Compliance is not a security priority
Despite more than 100 new data privacy regulations, including the nearly one-year-old GDPR — affecting almost 91% organisations across Europe –compliance is only seen as a top priority for 40% of business’ UK security spend.
Interestingly, 20% of UK businesses failed a compliance audit in the last year because of data security issues. When it comes to meeting data privacy regulations, the top two methods named by respondents working to meet strict regulations are encrypting personal data (47%) and tokenising personal data (23%).
“Clearly there is a significant shift to digital transformation technologies and the issues around data held within these cannot be taken lightly,” said Frank Dickson, program vice president for security products research, IDC.
“Data privacy regulations have been hot on the agenda over the past 18 months, with so many coming into force. Organisations are now finding themselves considering the cost of becoming compliant against the risk of potential breaches and the subsequent fines.”
Attack levels are high
One of the most impactful findings of the report is that almost two thirds of organisations across Europe (61%) have encountered a data breach at some stage.
The UK fares slightly better than the average for Europe with just over half (54%) of organisations saying they have encountered a breach.
However in Europe, 29% of organisations who have faced a data breach did so in the last year; and a shocking one in 10 have suffered a data breach both in the last year and at another time.