A recent survey of 1,114 senior IT security executives at large enterprises worldwide has found that fully 91 percent of respondents feel their company’s sensitive data is either somewhat, very, or extremely vulnerable to both internal and external threats.
The survey, conducted in October and November of 2015 by 451 Research on behalf of Vormetric, also found that while 61 percent of respondents said their organization had suffered a data breach in the past, only 21 percent referred to that breach as a reason for securing sensitive data.
Thirty-nine percent of respondents have suffered a data breach or failed a compliance audit due to data security issues in the past year alone.
Sixty-four percent of respondents said they believe compliance requirements are very or extremely effective in preventing data breaches. “Compliance does not ensure security,” 451 Research senior analyst and report author Garrett Bekker said in a statement. “As we learned from data theft incidents at companies that had reportedly met compliance mandates (such as Anthem, Home Depot and others), being compliant doesn’t necessarily mean you won’t be breached and have your sensitive data stolen.”
Fifty-eight percent of respondents said their spending to protect against data threats would be either somewhat higher (46 percent) or much higher (12 percent) over the coming year — but compliance was the top priority for IT security spending, at 46 percent overall.
“Organizations are also spending ineffectively to prevent data breaches, with spending increases focused on network and endpoint security technologies that offer little help in defending against multistage attacks,” Bekker said. “It’s no longer enough to just secure our networks and endpoints.”
Seventy-eight percent of respondents said they believe network defenses are very or extremely effective at preventing data breaches, and 62 percent said they feel the same way about endpoint and mobile defenses.
“There are significant concerns about how enterprises and federal government agencies are safeguarding confidential citizen, customer and company information,” Vormetric vice president of global marketing Tina Stewart said in a statement. “Organizations seem to be in denial about the risk, and are relying on tools that consistently fail against today’s multi‐layer attacks rather than adding a stronger emphasis on protecting data and valuable customer information.”
Concerns are increasing about privileged users and cloud security, with 63 percent saying privileged users are the most dangerous insiders, up from 57 percent in a similar survey a year ago — and 44 percent deeming cloud environments a “top three” risk for loss of sensitive data, up from 40 percent a year ago.
When asked what the main barriers to adoption are for data security, 57 percent of respondents listed “complexity,” followed by “lack of staff to manage” at 38 percent, and “lack of budget” at 35 percent.
Recent eSecurity Planet articles have looked at how to secure corporate data in a post-perimeter world, the top 10 encryption tools you should know, and 5 free tools for compliance management.