LONDON, UK, March 18, 2015 – New research released by IT analyst firm Quocirca, in conjunction with Digital Guardian, has revealed a growing crisis of confidence amongst UK organisations about the adequacy of their data security measures in the face of growing cyber threats. The research is available on the Digital Guardian site.
As the number of high profile data breaches around the world continues to rise, the research examined confidence levels amongst UK businesses about the security of their own sensitive business data, and the factors that contributed to this level. Overall, just 29% of those questioned were very confident in the security of their data, a concerning figure given the impact a breach can have on a modern, data-driven business.
The research also examined the potential causes behind the varying degrees of confidence found. Key findings indicated there is no single factor, rather it is a combination of factors including well informed staff, adoption of advanced security technology and a well-defined, co-ordinated security policy. When efficiently combined and implemented, these factors drove far higher levels of confidence. However, businesses lacking in one or more of these areas were found to be significantly less confident in their ability to protect their data from cyber threats.
Key Research Facts:
Employee education a basic but fundamental requirement. Good information security starts with employee education. However, the research found clear room for improvement at all levels of the businesses interviewed. Key findings included:
- 39% of respondents did not feel that their security team was ‘highly knowledgeable’ on the topic of data protection, rising to 77% amongst the general IT team
- 36% of respondents rated senior management as ‘unknowledgeable’, rising to 47% amongst employees in general
- The perceived level of knowledge within the business had a clear impact on overall confidence in data security. Businesses where employees were deemed to be knowledgeable, were four times as likely to be ‘very confident’ in the security of their data, compared to businesses where employees were unknowledgeable
Too many businesses failing to take advantage of the latest security technology. Personal data and intellectual property (IP) are the two of the most valuable assets for many organisations today, so should be protected accordingly. However, while the research found long established, basic technologies such as web and email filtering to be widely deployed, many of the more advanced data protection measures available today were far less prevalent. Amongst businesses surveyed:
- 64% have no digital rights management
- 60% do not monitor user behaviour
- 51% do not deploy next generation firewalls
- 48% have no data scanning or classification of data
- 47% have no data loss prevention technology in place
However, it is these more advanced tools that can significantly increase security confidence:
- The adoption of DLP alone can boost the number saying they are ‘very confident’ in their data security three fold compared to email filtering, which does so by about 50%
But too much of a good thing can have an adverse effect: Perhaps unsurprisingly, there was a direct correlation between the number of security technologies in place and the confidence in data security. However, Quocirca also found that an over abundance of technology can have an adverse effect, leading to confusion and a perceived lack of coordination within a business.
A coordinated response policy is key. Knowledgeable users and advanced technology are critical pieces of the data protection puzzle, but the research found that the highest levels of confidence came from organisations that tied both of these criteria together under a well coordinated security policy:
- Businesses with a coordinated response policy were more than twice as likely to be ‘very confident’ about defending data against the accidental actions of employees, compared with those with a more fragmented approach (34% vs 15% respectively)
- When looking at more malicious data breaches, those with a coordinated approach were three times as likely to be ‘very confident’ about defending data against criminal hackers (31% vs 9% respectively)
“The open nature of the modern business environment makes it very difficult to ensure total IT security at all times, but this research clearly highlights the key factors which organisations must address in order to achieve the highest confidence levels in data security they can,” says Erik Driehuis, EMEA VP, Digital Guardian. “If businesses are concerned about their ability to defend against a security breach, they must take steps to address it instead of burying their heads in the sand. While data breaches may be increasingly inevitable, data loss certainly is not.”
“There is no silver bullet for IT security. But in an age where the old IT perimeter has dissolved, remote access is the norm and IT systems are increasingly opening up to outsiders, it makes sense to focus on what matters most; the data,” said Bob Tarzey, Analyst and Director, Quocirca Ltd. “The most effective way of doing this involves educating users about the risks and their responsibilities, using the latest technology, but also being prepared to respond if and when a security breach occurs.”
About Digital Guardian
Digital Guardian is the only data-centric security platform designed to stop data theft. The Digital Guardian platform performs across traditional endpoints, mobile devices and cloud applications to make it easier to see and stop all threats to sensitive data. For more than 10 years, it has enabled data-rich organizations to protect their most valuable assets with an on premise deployment or an outsourced managed security program (MSP). Digital Guardian’s unique data awareness and transformative endpoint visibility, combined with behavioral threat detection and response, let you protect data without slowing the pace of your business. For more information, please visit www.digitalguardian.com.
Quocirca is a primary research and analysis company specialising in the business impact of information technology and communications (ITC). With world-wide, native language reach, Quocirca provides in-depth insights into the views of buyers and influencers in large, mid-sized and small organisations. Its analyst team is made up of real-world practitioners with first-hand experience of ITC delivery who continuously research and track the industry and its real usage in the markets. For more information, please visit www.quocirca.com.