As APPI deadlines approach, 66% also prioritizing compliance – a huge rise from last year
Thales, a leader in critical information systems, cybersecurity and data security, announces the results of its 2017 Thales Data Threat Report, Japan Edition, issued in conjunction with analyst firm 451 Research. This year’s report, which details the 2017 data threat landscape based on the responses from IT security professionals in Japan, finds 66% of Japanese enterprises are making compliance a top IT security spending priority in 2017 (up from 30% last year). Over half (54%) are increasing overall IT security spending, a 23% increase from last year.
Focused on compliance, but still skeptical
With the May deadline for full compliance with the amended Act on the Protection of Personal Information (APPI) rapidly approaching, Japanese enterprises are making compliance a top IT security spending priority. The pressure to comply with the upcoming regulation may explain why only 30% of respondents listed compliance as a top priority last year. Coming in as the second and third IT spending priorities this year were ‘requirements from business partners’ (50%) followed by ‘reputation and brand protection’ (47%).
Despite this year’s numbers, only 44% of respondents believe that compliance is ‘very’ or ‘extremely’ effective at preventing data breaches. This number is particularly interesting when compared to other regions such as Germany (58%); the U.S. (64%); Australia and Mexico (68%); and Brazil (71%).
Advanced technologies, budget misallocation complicating matters
While an inherent skepticism of compliance’s efficacy in stopping all breaches is a positive sign, this year’s report also unveiled some troubling statistics. Seventy-nine percent of respondents will use sensitive data in an advanced technology environment this year, but over half (56%) believe that sensitive data use is happening insecurely within these environments. When it comes to the most popular advanced technology environments, mobile (45%), SaaS (39%) and IaaS (37%) lead the pack.
Also concerning is the mismatch between ratings for effective security controls and spending patterns. Even though data-at-rest security controls are rated the most effective at protecting data by 63% of respondents, it’s at the bottom of the list for IT security spending increases. In fact, only 27% of respondents plan to increase data-at-rest spending. Meanwhile, spending on network security – despite not being listed as the most effective control – will increase for 42% of respondents. When taking pulse of these numbers, its clear organizations keep spending on the solutions that worked for them in the past but may not prevent modern breaches.
Garrett Bekker, principal analyst for Information Security at 451 Research says:
“There is relatively heightened awareness around today’s threat environment and data security where it involves personal information and records, given the APPI and its new amendments. Privacy regulations such as APPI can be demanding, but firms should consider moving beyond compliance to greater use of encryption and BYOK, especially when deploying sensitive data to cloud and other advanced technology environments.”
The good news: less vulnerability and an understanding of encryption
While there are certainly areas for improvement, the 2017 report also brought reasons for optimism. Enterprises in Japan feel less vulnerable, and have fewer data breaches than their counterparts elsewhere (23% of respondents’ claim they are ‘very’ or ‘extremely’, compared to 30% of their global counterparts). Only 15% of Japan respondents claim to have experienced a data breach in the last year, versus 26% of global respondents.
Japan respondents also have a strong understanding of encryption benefits. Forty-nine percent of respondents list encryption as the top choice for addressing data privacy and sovereignty requirements. The same number of respondents also say they would increase cloud deployments if offered data encryption in the cloud with key control. Similarly, 39% of respondents would increase IoT deployments and 45% would increase container deployments if they had access to encryption technologies.
Peter Galvin, VP of strategy, Thales says:
“Many of the findings from our 2017 Japan Data Threat Report are encouraging. For example, respondents have increased spending to meet major compliance deadlines – but they’re also realistic about the role it plays in protecting data. Still, this doesn’t mean there is room for complacency. Far too many enterprises are falling behind when it comes to protecting data in advanced technology environments. While our modern threat landscape does present challenges, keeping data secure throughout its lifecycle is a critical priority. This can be accomplished through encryption, advanced key management, tokenization, and a host of other effective options.”
Japanese organizations interested in protecting existing legacy data sources while also taking advantage of advanced technologies should strongly consider:
- deploying security tool sets that offer services-based deployments, platforms and automation;
- discovering and classifying the location of sensitive data within cloud, SaaS, big data, IoT and container environments; and
- leveraging encryption and Bring Your Own Key (BYOK) technologies for all advanced technologies