Data Threat Report: PII Theft and Brand Reputation Damage Biggest Concerns
Over 1,100 senior security executives were recently polled by Vormetric for the company’s 2016 data threat report.
Respondents were asked about the security incidents they had suffered over the previous 12 months, the measures they had put in place to secure data, their spending intentions for the next 12 months, and what they perceived to be the biggest data security threats in 2016.
2015 saw numerous major data breaches reported and an increase in the volume of breaches suffered. Unsurprisingly, given the current threat levels, the majority of respondents felt that they were vulnerable to attack. 91% said that they felt more vulnerable to attacks: a 4% increase from last year’s survey. A third of respondents said they felt very vulnerable or extremely vulnerable to attack.
Even though more data breaches have been reported in the past 12 months than in previous years, only 39% of respondents said they had suffered a data breach or failed a compliance audit in the past year: a similar figure to previous surveys conducted by Vormetric.
Spending Increased to Protect Brand Reputation and Keep PII Secure
Fortunately, action is being taken to address the increased threat, with 58% of respondents saying they had allocated additional funds to deal with security threats in 2016. Those increased funds were going on a variety of security measures, although the area most frequently cited as receiving extra funding was network security (48%). Endpoint security and security information/event management were in joint second place, with each selected by 44% of respondents.
The biggest driver behind spending increases was reputation/brand protection, which was cited by almost half of respondents. The need to comply with regulations was the second biggest driver. However, the biggest change between this year’s and last year’s responses was the need to implement security best practices, which jumped from 39% to 44%.
Respondents were asked about the types of data they are most concerned about protecting. Personally Identifiable Information (PII) ranked highest, with financial information in second place, followed by classified information in third. Customer and business partner information ranked in last place.
Interestingly, while 64% of respondents claimed compliance requirements were effective at preventing data breaches across the sample as a whole, respondents from heavily regulated industries such as healthcare were least likely to share that point of view. Only 27% of respondents from the healthcare, financial, and retail industries believed that meeting compliance requirements was an effective way of preventing data breaches. Compliance was viewed as a minimum standard, and the bar was set quite low.
Privileged User Accounts Were Considered to Pose the Greatest Security Risk
When asked about the main threat actors, the biggest risks were perceived to be privileged user accounts, with executive management accounts in second place, and contractor accounts in third. Unsurprisingly, cybercriminals were perceived to pose the biggest threat to data security in 2016, followed by hacktivists in second place. Industrial espionage ranked lowest.
A number of barriers are limiting the progress that is made. The biggest problem is the complexity of implementing data security measures, which was selected by just under 57% of respondents. Staffing is still a major issue, with almost 40% of respondents claiming they did not have the staff to manage data security, in part due to the increased complexity of security deployments. 35% said that budgetary restrictions were a major barrier.