Thales News Release

87% Of Mexican And 84% Of Brazilian IT Decision Makers Say Their Organization Is Vulnerable To Data Threats

May 18, 2016

2016 Vormetric Data Threat Report – Mexico and Brazil Edition

SAN JOSE, Calif. – May 18, 2016 –– Vormetric, a Thales company, and a leader in enterprise data protection for physical, virtual, big data, and cloud environments, today announced the results of the Mexico and Brazil Edition of the 2016 Vormetric Data Threat Report (DTR). The report is issued in conjunction with analyst firm 451 Research with polling for the report featuring the responses of 1,100 senior IT security executives at large enterprises worldwide, including over 100 each in Mexico and Brazil. This edition of the 4th annual report extends earlier findings in the global report with detailed findings for Mexico and Brazil about perceptions of threats to data, rates of data breach failures, data security stances and IT security spending plans. Critical findings:

  • Enterprises feel vulnerable to data threats: 87 percent in Mexico and 84 percent in Brazil (up from 69 percent in Brazil for 2015).
  • 65 percent in Mexico and 62 percent in Brazil had experienced a past data breach, indicating that there are good reasons for this fear.
  • The top external threats identified were attacks by cybercriminals out for financial gain at 31 percent for Mexico and 45 percent for Brazil.
  • Spending is increasing to offset these threats, with 65 percent in Mexico and 73 percent in Brazil increasing spending to protect data.
  • But spending is increasing fastest on defenses that are no longer completely effective at protecting data: In Mexico network and end point defenses at 52 percent each, and in Brazil network defenses at 60 percent and end point defenses at 58 percent.

ClickToTweet: Data Threats in Mexico and Brazil: Enterprises at Risk #2016DataThreat

“Data breaches were a problem in every region we surveyed,” said Garrett Bekker, senior analyst, information security, at 451 Research and the author of the report. “Clearly, IT security leaders in both Mexico and Brazil are worried about data breaches, but are being held back from adding data centric security by a perception of complexity (Mexico 49 percent, Brazil 50 percent) and lack of staff (Mexico 45 percent, Brazil 46 percent), while also increasing spending the most in legacy technologies like network and anti-virus security tools that are not able to ensure the safety of data once attackers compromise networks and systems.”

Internal and external threats

External threats – Just as in the US and elsewhere across the world, organizations in Mexico and Brazil selected cybercriminals out for financial gain as the top external threat:

  • Mexico – 31 percent
  • Brazil – 45 percent
  • U.S. – 41 percent

Internal threats – Ratings for the risks from insiders were a different story, while elsewhere in the world privileged users are the top concern, in Mexico and Brazil executives were rated as the top risk. Elsewhere organizations identified privileged users as the top threat, and with good reason. Because their roles give them access to all the data available to the systems or applications they manage, they are a primary risk data theft internally, and their account information is a highly desired target for external attackers attempting to steal data.

Top three selections for the most dangerous insiders:

  • Executives: Mexico – 58 percent, Brazil – 54 percent, U.S. 46 – percent
  • Privileged users: Mexico – 53 percent, Brazil – 51 percent, U.S. – 63 percent

Compliance is a priority – But compliance is not enough

Compliance standards are a business reality, and a fundamental requirement for many organizations. The problem is that these standards are slow moving, and quickly fall behind fast evolving attacks. In fact, breaches have occurred time after time at organizations that were certified compliant with PCI DSS or other standards. Yet high percentages of respondents viewed compliance requirements as either 'very’ or ‘extremely’ effective in preventing data breaches.

Ratings for compliance as ‘very’ or ‘extremely’ effective at stopping data breaches:

  • Brazil – 83 percent (highest percentage globally)
  • Mexico – 57 percent
  • U.S. – 67 percent

Old IT security spending habits continue – even as their effectiveness at protecting data falls

For enterprises in both Mexico and Brazil, the study found that increases in IT security spending to protect data are concentrated in tools that consistently fail to stop today’s multi–layer attacks: Network and end point defenses, with data-at-rest defense spending a lower priority. Planned increases in spending over the next 12 months to protect data:

  • Network defenses: Brazil – 60 percent, Mexico – 52 percent
  • End point and mobile defenses: Brazil – 58 percent, Mexico – 52 percent
  • Data-at-rest defenses: Brazil – 48 percent, Mexico – 40 percent

Sensitive data in the cloud

Organizations in Mexico and Brazil are planning to use sensitive data within cloud environments at much higher rates than the average across the world, and are worried about it – with 80 percent of enterprises in Mexico and 79 percent in Brazil very or extremely concerned about potential exposures from use of sensitive data in cloud environments.

Rates of storage of sensitive data in cloud environments:

  • Software as a Service (SaaS): Mexico – 64 percent, Brazil – 71 percent, global – 53 percent
  • Infrastructure as a Service (IaaS): Mexico – 61 percent, Brazil – 60 percent, global – 53 percent
  • Platform as a Service (paaS): Mexico – 50 percent, Brazil – 63 percent, global – 49 percent

The good news for Mexico and Brazil

A real positive is the top driver for IT security spending in both countries, unlike the U.S where compliance is the top driver (52 percent), in Mexico and Brazil reputation and brand protection are the highest priorities (Mexico – 53 percent, Brazil – 54 percent). This is good news because a focus beyond compliance on protecting data can lead to a more effective data security stance than compliance alone can give.

Other positives include:

  • Increases in spending to protect sensitive data: 64 percent in Mexico and 62 percent in Brazil
  • Plans to invest in data-at-rest defenses this year: 40 percent in Mexico and 48 percent in Brazil

Data-at-rest security tool plans – Many are also planning to implement ‘newer’ security tools that are more effective at protecting data even when other defenses have been compromised. These include tokenization (44 percent Mexico, 54 percent Brazil), application encryption (48 percent Mexico, 50 percent Brazil) Security Event and Information Management (SIEM) systems (50 percent Mexico, 45 percent Brazil) and privileged user access management (36 percent Mexico, 30 percent Brazil)

“IT security leaders in both countries are investing to help solve the problem, but surprisingly, are failing to connect the dots about the best solutions to use,” said Tina Stewart, Thales vice president of marketing. “Low levels of spending on data-at-rest security controls, and outdated investments in IT security technologies that are less effective at protecting data, are putting their organizations at risk.”

The research report is available from Thales and can be found here.

About 451 Research

451 Research is a preeminent information technology research and advisory company. With a core focus on technology innovation and market disruption, we provide essential insight for leaders of the digital economy. More than 100 analysts and consultants deliver that insight via syndicated research, advisory services and live events to over 1,000 client organizations in North America, Europe and around the world. Founded in 2000 and headquartered in New York, 451 Research is a division of The 451 Group.

About Vormetric, a Thales company

Thales comprehensive high-performance data protection platform helps companies move confidently and quickly. Our seamless and scalable platform is the most effective way to protect data wherever it resides—any file, database and application, in any server environment. Advanced transparent encryption, powerful access controls and centralized key management let organizations encrypt everything efficiently, with minimal disruption. Regardless of content, database or application—whether physical, virtual or in the cloud—Vormetric Data Security enables confidence, speed and trust by encrypting the data that builds business. Vormetric Data Security was recently acquired by Thales Group and is now a Thales company.

Please visit: and find us on Twitter @ThalesCloudSec.

About Thales

Thales is a global technology leader for the Aerospace, Transport, Defence and Security markets. With 62,000 employees in 56 countries, Thales reported sales of €14 billion in 2015. With over 22,000 engineers and researchers, Thales has a unique capability to design and deploy equipment, systems and services to meet the most complex security requirements. Its exceptional international footprint allows it to work closely with its customers all over the world.

Positioned as a value-added systems integrator, equipment supplier and service provider, Thales is one of Europe’s leading players in the security market. The Group’s security teams work with government agencies, local authorities and enterprise customers to develop and deploy integrated, resilient solutions to protect citizens, sensitive data and critical infrastructure.

Drawing on its strong cryptographic capabilities, Thales is a global leader in data protection and one of the world leaders in cybersecurity products and solutions for defence, critical infrastructure and telecommunication operators, industrial and financial companies. Covering the entire cybersecurity chain, Thales offers a comprehensive range of services and solutions that includes: cybersecurity consulting and testing, cyber-secured software centric system design / development / integration and certification, provision and through-life management of data protection products and services, secured IT outsourcing and cloud computing solutions, as well as managed security services based on our network of Security Operation Centers in France, the United Kingdom and the Netherlands.


Andy Kicklighter
Thales Media Relations
+1 408-908-6260
akicklighter@vormetric.comDorothée Bonneil
Thales Media Relations – Security
+33 (0)1 57 77 90 89
dorothee.bonneil@thalesgroup.comLiz Harris
Thales Media Relations
+44 (0)1223 723612