92% of U.S. Companies “Vulnerable” to Data Threats

Share this article on:

A survey conducted on behalf of global data security company Thales by 451 Research has revealed that 92% of U.S. companies are “vulnerable” to data threats, yet only 86% of respondents plan to increase IT spending in 2018.

The annual survey asked more than 1,200 senior security executives about their cybersecurity spending priorities over the coming year. The results of the survey formed the backbone of the Thales 2018 Data Threat Report, in which it was revealed that 46% of U.S. respondents had experienced a data breach in the previous twelve months (up from 24% in the 2017 report).

Possibly due to their recent experiences, 92% of U.S. respondents said they were vulnerable to data threats. 53% of the U.S. companies surveyed said they were either “very vulnerable” or “extremely vulnerable” – an increase from 29% in the 2017 report – with more than half or respondents citing “privileged users” as the biggest threat to data security.

However, whereas “securing data at rest” was considered to be the most effective defense against data breaches, only 44% of U.S. companies intend increasing their cybersecurity spending in this area. Most companies plan increasing their spending in areas such as end point and mobile device defenses, data in motion defenses, network defenses, and analysis and correlation tools.

Other Findings within the Data Threat Report

Although focusing on cybersecurity spending priorities, there were some interesting revelations for funds not being spent on defenses against data breaches. For example, the two primary reasons for not deploying data security mechanisms were concerns about the impact the mechanisms would have on business processes and the complexity of the mechanisms, rather than budget concerns.

Also surprising were the motives for IT security spending. The motive occupying the #1 position was “the avoidance of financial penalties resulting from a data breach”, rather than “compliance requirements” or “implementing security best practices”; while despite the high percentage of U.S. companies that have experienced a data breach in the past twelve months, only 24% said that was a motivating factor.

On the subjects of multi-cloud adoption and securing Big Data, the report drew the conclusion that cybersecurity spending priorities were not keeping pace with emerging technologies. Similarly companies are failing to address threats via new “attack surfaces” (AI, mobile payments, blockchain, etc.) that need to be offset by data security controls.

Author of the report – Garrett Bekker, the principal security analyst at 451 Research – said: “While times have changed, security strategies have not – security spending increases that focus on the data itself are at the bottom of IT security spending priorities, leaving customer data, financial information and intellectual property severely at risk.”

Author: HIPAA Journal

Share This Post On