More than a quarter (26 percent) of organisations were breached in the last year.
In conjunction with 451 Research, Thales has released its 2017 Thales Data Threat Report, which indicates an ongoing disconnect between the security solutions organisations spend money on and the ability of those solutions to protect sensitive data.
The report polled 1100 senior IT security executives at large enterprises around the world.
Overall IT security spending is up with 73 percent of organisations having increased it, mainly in the areas of network and endpoint security.
Thirty percent of respondents classify their organisations as “very vulnerable” or “extremely vulnerable” to data attacks with the two top spending priorities being network (62 percent) and endpoint (56 percent) protection solutions.
Garrett Bekker, senior analyst, information security at 451 Research and author of the report said, “One possible explanation for this troubling state? Organisations keep spending on the same solutions that worked for them in the past but aren't necessarily the most effective at stopping modern breaches. Data protection tactics need to evolve to match today's threats. It stands to reason that if security strategies aren't equally as dynamic in this fast-changing threat environment, the rate of breaches will continue to increase.”
Almost half (44 percent) of respondents stated meeting compliance requirements as their top spending priority, followed by best practices (38 percent) and protecting reputation/brand (36 percent). Fifty-nine percent believe compliance is “very” or “extremely” effective at preventing data breaches.
Cyber-criminals were identified as the top threat (44 percent), followed by hacktivists (17 percent), cyber-terrorists (15 percent) and nation states (12 percent). More than half (58 percent) believe privileged users are the most dangerous insiders and executive management (44 percent) is the second-most-risky insider followed by ordinary employees (36 percent) and contractors (33 percent).
Seventy-six percent ranked encryption of data-at-rest as more effective in protecting sensitive information than endpoint security.
“Enterprises today must inevitably confront an increasingly complicated threat landscape. Our world, which now includes the cloud, big data, the IoT and Docker, calls for robust IT security strategies that protect data in all its forms, at rest, in motion and in use. Businesses need to invest in privacy-by-design defence mechanisms – such as encryption – to protect valuable data and intellectual property and view security as a business enabler that facilitates digital initiatives and builds trust between partners and customers,” said Peter Galvin, vice president of strategy at Thales e-Security.