Enterprises today must inevitably confront an increasingly complicated threat landscape, according to the new 2017 Thales Data Threat Report, issued in conjunction with analyst firm 451 Research.
The threat report found that 68% of respondents have experienced a breach with 26% experiencing a breach in the last year – both numbers were up from last year. Paradoxically, overall security spending is also up; in 2017, 73% of organizations increased IT security spending – a marked jump from 2016 (58%).
On the positive side, one potentially encouraging sign – at least for security vendors – is that 73% of respondents anticipate security spending increases in the next 12 months, a sharp increase from 58% last year. The primary reason for the jump is that those who anticipate “much higher” spending (23%) nearly doubled from just 12% last year, also potentially good news for practitioners dealing with security budget constraints. Furthermore, while most security spending remains driven by compliance concerns, security spending in order to implement best practices has moved up again for the second straight year and into the #2 overall spot, a sign that enterprises are starting to do more than the bare minimum to meet regulatory demands.
However, despite the higher spending (and planned spending) on security, some 26% of respondents said their organizations experienced a breach in the last year, up from 21.7% in 2016, while 42% of respondents experienced a data breach at another time in the past (up from 39.3%).
It is no wonder, then, that nearly one in three respondents feel their organizations are either ‘very vulnerable’ or ‘extremely vulnerable’ to threats to sensitive data.
Overall, the research suggests that the security industry looks increasingly like a dog chasing its own tail – despite more and more money spent on security each year, our collective problems continue to worsen.
So not all good news then.
Below are the key findings of 2017’s Thales Data Threat Report
- More than two in three respondents (67.8%) said their organizations have been breached at some point, an increase of nearly 7%% over the previous year. And more than one in four (26%) were breached in the last year alone, up from 21.7% the previous year.
- The overwhelming majority of respondents still feel some degree of vulnerability to data threats (88%), down slightly from the previous year (90%), but still at an alarmingly high level. Those feeling ‘extremely vulnerable’ rose slightly, to 9.1% from 8.2%.
- Compliance (44%) remains the primary reason for spending on data security by a stubbornly wide margin over implementing security best practices, the second strongest driver (38%). However, we found it encouraging that fewer respondents (59.5%) viewed compliance requirements as ‘very or extremely effective’, a notable drop from 64% last year. Meanwhile brand and reputation plummeted to 36%, down markedly from 50% in last year’s study as a primary reason for security spending.
- In a departure from both practical experience and anecdotal evidence, more than 57% of respondents claim ‘complete knowledge’ of where sensitive data is located, up sharply from 42% last year.
- Data sovereignty has become a hot topic in light of concerns about new regulations, and government snooping. Encryption was identified as the clear choice (64%) to satisfy local data privacy laws such as the EU’s recently approved General Data Protection Regulation (GDPR). Tokenization (40%) is listed as a distant second, while migrating data to jurisdictions or choosing local cloud providers are at the very bottom of the list.
- Complexity remains the top barrier to more aggressive adoption of data security solutions chosen by 50.4% of respondents. ‘Lack of staff’ trailed by a considerable margin in second place at 36%.
- Though still a nascent technology that’s been in the market for barely two years, Docker containers are being used by four in ten respondents for production applications, with a nearly 50-50 split between critical and non-critical applications. Only 13% of respondents have no plans to use Docker containers in the year ahead. Like other emerging technologies like cloud, big data and IoT, not surprisingly, security remains the #1 Docker adoption barrier (46.7% of respondents) and the #1 method for securing containers is encryption.
Download full data threat report here [Thales eSecurity]