As the number of high profile data breaches around the world continues to rise, the research examined confidence levels amongst UK businesses about the security of their own sensitive business data, and the factors that contributed to this level. Overall, just 29% of those questioned were very confident in the security of their data, a concerning figure given the impact a breach can have on a modern, data-driven business.
The research also examined the potential causes behind the varying degrees of confidence found. Key findings indicated there is no single factor, rather it is a combination of factors including well informed staff, adoption of advanced security technology and a well-defined, co-ordinated security policy. When efficiently combined and implemented, these factors drove far higher levels of confidence. However, businesses lacking in one or more of these areas were found to be significantly less confident in their ability to protect their data from cyber threats.
Key Research Facts:
Employee education a basic but fundamental requirement. Good information security starts with employee education. However, the research found clear room for improvement at all levels of the businesses interviewed. Key findings included:
o 39% of respondents did not feel that their security team was ‘highly knowledgeable’ on the topic of data protection, rising to 77% amongst the general IT team
o 36% of respondents rated senior management as ‘unknowledgeable’, rising to 47% amongst employees in general
o The perceived level of knowledge within the business had a clear impact on overall confidence in data security. Businesses where employees were deemed to be knowledgeable, were four times as likely to be ‘very confident’ in the security of their data, compared to businesses where employees were unknowledgeable
Too many businesses failing to take advantage of the latest security technology. Personal data and intellectual property (IP) are the two of the most valuable assets for many organisations today, so should be protected accordingly. However, while the research found long established, basic technologies such as web and email filtering to be widely deployed, many of the more advanced data protection measures available today were far less prevalent. Amongst businesses surveyed:
o 64% have no digital rights management
o 60% do not monitor user behaviour
o 51% do not deploy next generation firewalls
o 48% have no data scanning or classification of data
o 47% have no data loss prevention technology in place
However, it is these more advanced tools that can significantly increase security confidence:
o The adoption of DLP alone can boost the number saying they are ‘very confident’ in their data security three fold compared to email filtering, which does so by about 50%
But too much of a good thing can have an adverse effect: Perhaps unsurprisingly, there was a direct correlation between the number of security technologies in place and the confidence in data security. However, Quocirca also found that an over abundance of technology can have an adverse effect, leading to confusion and a perceived lack of coordination within a business.
A coordinated response policy is key. Knowledgeable users and advanced technology are critical pieces of the data protection puzzle, but the research found that the highest levels of confidence came from organisations that tied both of these criteria together under a well coordinated security policy:
o Businesses with a coordinated response policy were more than twice as likely to be ‘very confident’ about defending data against the accidental actions of employees, compared with those with a more fragmented approach (34% vs 15% respectively)
o When looking at more malicious data breaches, those with a coordinated approach were three times as likely to be ‘very confident’ about defending data against criminal hackers (31% vs 9% respectively)