European organisations have false sense of (cyber) security, despite over half suffering a breach

  • Almost seven in ten organisations (68%) feel vulnerable to attacks, down from 86% in 2018, despite over half of businesses (52%) having experienced a breach or failed a compliance audit in the last year
  • Only 54% of sensitive data in the cloud is protected by encryption
  • Over two-thirds (69%) expect quantum computing to affect their cryptographic operations within five years

New insights from the 2020 Thales Europe Data Threat Report reveal that European organisations have a false sense of security when it comes to protecting themselves, with only two-thirds (68%) seeing themselves as vulnerable, down from nine in ten (86%) in 2018. This confidence flies in the face of the findings of the survey of 509 European executives which reveals over half (52%) of organisations were breached or failed a compliance audit in 2019, raising concerns as to why a fifth (20%) intend to reduce data security spend in the next year. The findings come as workers across Europe are working from home due to COVID-19, often using personal devices which don’t have the built-in security office systems do, significantly increasing risk to sensitive data.

Thales will host a webinar, “Data Security Threats and Trends in Europe” on 16 June to discuss the report in more detail. To join, please visit the registration page.

Across the board, companies are racing to digitally transform and move more applications and data to the cloud; two-fifths (37%) of European countries stated they are aggressively disrupting the markets they participate in or embedding digital capabilities to enable greater enterprise agility. A key aspect of this transformation is in the cloud becoming the leading data environment. Nearly half (46%) of all data stored by European organisations is now stored in the cloud, and with 43% of that data in the cloud being described as sensitive, it is essential that it is kept safe.

As more sensitive data is stored in cloud environments, however, data security risks increase. This is of particular concern given that 100% of businesses surveyed report that at least some of the sensitive data they are storing in the cloud is not encrypted. Only 54% of sensitive data in the cloud is protected by encryption and even less (44%) is protected by tokenisation, highlighting the disconnect between the level of investment companies are making into cybersecurity and the increasing threats they face.

Multi-Cloud Adoption Complicates Data Security

Despite the multitude of threats, businesses feel that the complexity (40%) of their environments is holding their data security capabilities back. Multi-cloud adoption is the main driver of this complexity; four-fifths (80%) of businesses are using more than one IaaS (Infrastructure as a Service) vendor, whilst a third (29%) have more than 50 SaaS (Software as a Service) applications to manage. Businesses also identified a lack of budget (30%), staff to manage (28%) and organisation buy-in/low priority (25%) as other top blockers.

“Businesses are continuing to race towards digital transformation and many are increasingly reliant on complex cloud environments, without taking a zero-trust approach. Data is more at risk than ever, whilst organisations are unwittingly creating the perfect storm for hackers by not implementing the security basics,” commented Rob Elliss, EMEA Vice President for Data Security solutions at Thales. “Unfortunately, this will result in increasing problems, particularly in a world where working remotely will be part of the new-normal, unless companies can step up to the plate when it comes to keeping data safe.”

Quantum(fying) the problem

Whilst organisations continue to look at the threat of today, many are starting to turn their attention to peril that the acceleration of computing power, quantum, could bring to them. In fact, almost all (93%) respondents are concerned quantum computing will lead to exploits being created that could expose the sensitive data they hold. What’s more, seven in 10 (69%) European organisations expect quantum to affect their cryptographic operations in the next five years.

As a result, most organisations are reacting, with a third (31%) planning to offset quantum computing threats by switching away from static encryption or symmetric cryptography. Furthermore, a similar amount (30%) plans to implement key management that supports quantum safe random number generator. 

“It is clear that businesses are aware of evolving threats they face and it’s reassuring to see them acknowledging some of the key steps they need to take – including moving away from static encryption and implementing quantum-proof key management. It’s critical, though, that organisations don’t just look at threats years away, but invest in their cybersecurity processes now and see it as an integral part of their digital transformation,” Rob concluded.