May 25, 2020, marked the two-year anniversary of when the European Union’s General Data Protection Regulation (GDPR) took effect. That’s enough time for organisations to have achieved compliance with the regulation. As we’ve explained in another blog post, however, plenty of organisations have received fines for failing to implement efficient technical and organisational data security measures. That raises the question: are organisations concerned about their data security postures? To what extent are they working to secure their data?
To find out, Thales surveyed over 500 European executives with responsibility for and/or influence over IT and data security. Their responses help to illuminate how organisations in Europe are approaching data security.
An Abundance of Digital Security Challenges and Gaps
The 2020 Data Threat Report – European Edition revealed that organisations are grappling with plenty of data security challenges. Here’s just a snapshot of what some respondents told Thales:
- More than a quarter (28%) of European respondents admitted that they had suffered a data breach in the past year.
- Nearly half (48%) of European organisations revealed that they had experienced a data security incident at some point in their histories.
- Approximately a quarter (24%) of European companies indicated that they had failed a compliance audit over the past 12 months.
Given these experiences, one would think that European organisations would now be taking their data security more seriously than ever. But that doesn’t appear to be the case. Indeed, there seem to be important gaps in many respondents’ security postures.
Take the cloud, for instance. European companies told Thales that they stored 46% of their data in the cloud. They went on to say that about half of that information (43%) was sensitive in nature. Notwithstanding those assets, every single respondent said that their businesses had at least some data stored in the cloud that was not protected by encryption. In fact, organisations said that they had used encryption to protect just over half (54%) of their cloud-based data.
Protecting this data becomes even more of a problem given the complexity involved within a multi-cloud environment. At least 80% of respondents revealed that they were using two or more PaaS, SaaS and/or IaaS solutions. Multiple cloud solutions make it more difficult for organisations to apply security controls uniformly across their entire environments, thereby potentially leaving themselves and their data open to attack.
What Are Organisations Doing in Response?
Strangely enough, the challenges identified above aren’t resonating fully with respondents. Almost seven in 10 (68%) survey participants said they felt vulnerable to digital attacks—down from 86% in 2018. This increase in confidence means that a fifth (20%) of businesses plan to decrease data security budgets in the next year. In doing so, businesses could incur fines for not having the proper security measures in place that could have otherwise prevented a breach.
This perception holds even as organisations begin looking to future digital threats. In particular, 93% of respondents said that quantum computing could create exposures for their organisation’s sensitive data. A third (31%) of respondents said they were planning to offset quantum computing threats by switching away from static encryption or symmetric cryptography. A similar share (30%) announced plans to implement key management that supports a quantum-safe random number generator.
How Organisations Can Bolster Their Data Security
Organisations can take several steps to bolster their data security. If their environment consists of multiple clouds, they should look to a multi-cloud security solution to defend their sensitive data. They should take these efforts a step further by embracing data-at-rest encryption solutions, applying MFA via an Authentication-as-a-Service (AaaS) offering and using data discovery tools to gain complete visibility over their stored information.
For more key findings, download the 2020 Thales Data Threat Report – European Edition.