Thales Blog

European Attitudes To Cyber Security Revealed – It’s Not Just Companies Fearing Breaches

November 10, 2015

 Louise Bulman Louise Bulman | AVP of EMEA More About This Author >

In response to recent events, Vormetric has taken the pulse of the European region with some public surveys into cyber security across the UK and Germany. You can read the respective press releases here and here, but essentially what became clear from the research is that there is growing fear for the safety of digitally stored financial information, as well as rising concern around state-sponsored espionage and hacking.

Brits most concerned about

ClickToTweet: Euro surveys show it's not just companies fearing a #DataBreach

In the UK, our survey asked 1,000 adults about the types of information they are most concerned about being compromised. Although it’s perhaps unsurprising that banking information came out on top (66 percent), it’s interesting that personal contact information (37 percent) and national insurance numbers (40 percent) were viewed less preciously, despite being the type of information that criminals will typically utilise for the purposes of identity theft. We recently conducted a similar survey in the United States which, although also revealing significant concerns about financial account information, found that Social Security Numbers were of utmost concern (84 percent).

The reason for these differences is likely down to the nature of certain breaches in each region; showing a direct correlation between public attitudes towards organisations that operate within a particular industry following a high profile breach. In this excellent (and continuously updated infographic), you’ll see some familiar, recent UK breaches specifically concerning financial information, like Carphone Warehouse (before the survey was conducted) and TalkTalk (just after), alongside US breaches concerning Social Security Numbers – Anthem being a prime example.

What is common between the two surveys is just how worried the public is regarding the theft of encrypted information. In the UK, 93 percent of respondents would be worried if stolen data relating to them had been encrypted (91 percent in the United States). As we all know, it is now almost inevitable that an organisation will eventually be hacked – but encryption remains the most viable and effective solution to safeguard sensitive data and ensure that it is inaccessible to those without the key required to decode it. Properly encrypted data is completely useless to hackers, and private companies and public organisations have a duty both to deploy this kind of security measure, and to reassure their customer or user base that their information is safe.

How should governments react when a foreign country steals government data?

Looking at our research in Germany, we uncovered a very clear difference between attitudes in the U.S. towards state-sponsored espionage. When it comes to a foreign country stealing sensitive government data, two thirds of Germans (64 percent) – and significantly fewer Americans (45 percent) – believe it is up to the head of government to take action.

Germans and HackingInterestingly, just one in eight Germans (12 percent) were of the opinion that the state should cut all ties to any foreign power involved in such activities, whereas a quarter of Americans (25 percent) thought this to be a reasonable response. Americans were also more willing to fight fire with fire. One in ten approved of the idea of hacking foreign government IT infrastructure in order to steal similar data, while only one in 20 Germans thought this would be an appropriate solution.

Although here in Europe we appear to be relatively conservative in how we’d respond to cyber espionage, there is a striking similarity in that a very small number in both Germany and the U.S. believe that no action is required – seven and eight percent respectively. This is not surprising – the compromise of official government data is an extremely serious situation that can have significant implications for the personal safety of citizens. This is of course a use case where encrypting data is perhaps most important of all.