A recent Thales (a Galaxkey partner) report, Europe edition, identifies the trends in encryption and data security in Europe over the last year.
Security breaches continue to persist across Europe despite growing security efforts. Worryingly it seems that efforts are still not being deployed effectively (often misplaced) when trying to combat the cybersecurity threats. Organisations are still not getting it quite right.
400 senior security managers from organisations in the UK, Germany, Sweden and the Netherlands (100 from each country) were surveyed and the following outcomes were established.
Out of the European countries surveyed, the UK has suffered the most data breaches in 2017. Breaches in the UK (those that were reported) have accelerated from 22% in the previous year to 37%. In comparison, the cyberattacks reported across Europe were 33% in Germany, 30% in Sweden and 27% in the Netherlands. It’s suggested that three in every four organisations fall victim to cybercrime in Europe.
Although suffering increased attack incidents, UK businesses claim to feel less vulnerable to data security threats with less than a third (31%) of UK businesses feeling concerned. In stark contrast, half of those surveyed in Sweden and the Netherlands are feeling anxious and vulnerable to cybersecurity attacks.
Businesses have had around 2 years to prepare for the GDPR. On the 25 of May 2018 compliance with the regulation became mandatory for anyone handling personal data of EU citizens. Across the globe, organisations have been taking the necessary steps and actions to comply.
The report shows that with regards to GDPR compliance the UK has demonstrated better GDPR readiness and is in good stead. Of those UK businesses surveyed 19% claimed to have failed data security audits. While Swedish businesses did not do as well, ranking bottom, with nearly half failing compliance audits in the last year. Germany and the Netherlands did not fare much better ranking only marginally above Sweden.
- Data breaches are more frequent and commonplace, they are the new reality
- Changing business environments, business practices and digital transformations are expanding the data threat landscape
- Security efforts are often misplaced
- Encryption is fundamental to solving the data security threats that we are facing globally
What can we take from it
It is clear from the report that business recognises that data-centric defences for protecting data are the most effective.
It’s also shown that a focus on network security cannot protect against the cybersecurity threats that we face.
Encryption has been identified as a fundamental tool and most effective at protecting personal and sensitive information no matter where it is or how it is communicated or handled. Data needs to be protected at all stages: at rest, in transit and in storage. Data needs to be protected wherever it travels and this is why a data-centric solution to protect the data itself is so important.
Having said that, budgets for data protection technologies don’t seem to match the business view that encryption is crucial. They realise its effectiveness and the requirement for it but actions to implement do not yet correlate.
Data protection can’t be an afterthought and cybersecurity risks must be taken seriously. Hackers and creators of malware have the time and resources to tap into our connected systems to get what they want (our data). There is always going to be a continuous battle between their attack efforts and the efforts of security professionals to combat their actions. We need to do our best to stay a step ahead. We need to protect our data!
Businesses need to commit fitting levels of attentiveness and resources to protecting personal and sensitive data if they are to combat these persistent cyberattacks and minimise the impacts of data breaches.