European organisations have false sense of (cyber) security, despite over half suffering a breach
- Almost seven in ten organisations (68%) feel vulnerable to attacks, down from 86% in 2018, despite over half of businesses (52%) having experienced a breach or failed a compliance audit in the last year
- Only 54% of sensitive data in the cloud is protected by encryption
- Over two-thirds (69%) expect quantum computing to affect their cryptographic operations within five years
New insights from the 2020 Thales Europe Data Threat Report reveal that European organisations have a false sense of security when it comes to protecting themselves, with only two-thirds (68%) seeing themselves as vulnerable, down from nine in ten (86%) in 2018. This confidence flies in the face of the findings of the survey of 509 European executives which reveals over half (52%) of organisations were breached or failed a compliance audit in 2019, raising concerns as to why a fifth (20%) intend to reduce data security spend in the next year. The findings come as workers across Europe are working from home due to COVID-19, often using personal devices which don’t have the built-in security office systems do, significantly increasing risk to sensitive data.
Thales will host a webinar, “Data Security Threats and Trends in Europe” on 16 June to discuss the report in more detail. To join, please visit the registration page.
Across the board, companies are racing to digitally transform and move more applications and data to the cloud; two-fifths (37%) of European countries stated they are aggressively disrupting the markets they participate in or embedding digital capabilities to enable greater enterprise agility. A key aspect of this transformation is in the cloud becoming the leading data environment. Nearly half (46%) of all data stored by European organisations is now stored in the cloud, and with 43% of that data in the cloud being described as sensitive, it is essential that it is kept safe.
As more sensitive data is stored in cloud environments, however, data security risks increase. This is of particular concern given that 100% of businesses surveyed report that at least some of the sensitive data they are storing in the cloud is not encrypted. Only 54% of sensitive data in the cloud is protected by encryption and even less (44%) is protected by tokenisation, highlighting the disconnect between the level of investment companies are making into cybersecurity and the increasing threats they face.
Multi-Cloud Adoption Complicates Data Security
Despite the multitude of threats, businesses feel that the complexity (40%) of their environments is holding their data security capabilities back. Multi-cloud adoption is the main driver of this complexity; four-fifths (80%) of businesses are using more than one IaaS (Infrastructure as a Service) vendor, whilst a third (29%) have more than 50 SaaS (Software as a Service) applications to manage. Businesses also identified a lack of budget (30%), staff to manage (28%) and organisation buy-in/low priority (25%) as other top blockers.
Quantum(fying) the problem
Whilst organisations continue to look at the threat of today, many are starting to turn their attention to peril that the acceleration of computing power, quantum, could bring to them. In fact, almost all (93%) respondents are concerned quantum computing will lead to exploits being created that could expose the sensitive data they hold. What’s more, seven in 10 (69%) European organisations expect quantum to affect their cryptographic operations in the next five years.
As a result, most organisations are reacting, with a third (31%) planning to offset quantum computing threats by switching away from static encryption or symmetric cryptography. Furthermore, a similar amount (30%) plans to implement key management that supports quantum safe random number generator.