HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

92% of U.S. Companies “Vulnerable” to Data Threats

A survey conducted on behalf of global data security company Thales by 451 Research has revealed that 92% of U.S. companies are “vulnerable” to data threats, yet only 86% of respondents plan to increase IT spending in 2018.

The annual survey asked more than 1,200 senior security executives about their cybersecurity spending priorities over the coming year. The results of the survey formed the backbone of the Thales 2018 Data Threat Report, in which it was revealed that 46% of U.S. respondents had experienced a data breach in the previous twelve months (up from 24% in the 2017 report).

Possibly due to their recent experiences, 92% of U.S. respondents said they were vulnerable to data threats. 53% of the U.S. companies surveyed said they were either “very vulnerable” or “extremely vulnerable” – an increase from 29% in the 2017 report – with more than half or respondents citing “privileged users” as the biggest threat to data security.

However, whereas “securing data at rest” was considered to be the most effective defense against data breaches, only 44% of U.S. companies intend increasing their cybersecurity spending in this area. Most companies plan increasing their spending in areas such as end point and mobile device defenses, data in motion defenses, network defenses, and analysis and correlation tools.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

Other Findings within the Data Threat Report

Although focusing on cybersecurity spending priorities, there were some interesting revelations for funds not being spent on defenses against data breaches. For example, the two primary reasons for not deploying data security mechanisms were concerns about the impact the mechanisms would have on business processes and the complexity of the mechanisms, rather than budget concerns.

Also surprising were the motives for IT security spending. The motive occupying the #1 position was “the avoidance of financial penalties resulting from a data breach”, rather than “compliance requirements” or “implementing security best practices”; while despite the high percentage of U.S. companies that have experienced a data breach in the past twelve months, only 24% said that was a motivating factor.

On the subjects of multi-cloud adoption and securing Big Data, the report drew the conclusion that cybersecurity spending priorities were not keeping pace with emerging technologies. Similarly companies are failing to address threats via new “attack surfaces” (AI, mobile payments, blockchain, etc.) that need to be offset by data security controls.

Author of the report – Garrett Bekker, the principal security analyst at 451 Research – said: “While times have changed, security strategies have not – security spending increases that focus on the data itself are at the bottom of IT security spending priorities, leaving customer data, financial information and intellectual property severely at risk.”

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.