Global Survey Reveals Majority of Organizations Not Confident In Ability to Protect Data after a Breach
• 74 percent of IT decision-makers believe perimeter security is effective at keeping out security threats, yet 41 percent believe unauthorized users are able to access their networks
• Majority plan to invest the same amount in perimeter security despite 60 percent saying they are not confident in ability to protect data after a breach
• 25 percent say they would not trust their personal data to their own companies
October 01, 2014
Despite increasing numbers of data breaches and the theft and loss of more than 2 billion data records worldwide since 2013, organizations continue to believe perimeter security technologies are effective for data protection, according to new research from SafeNet, Inc., a global leader in data protection.
The 2014 SafeNet Data Security Confidence Index found that nearly three-quarters (74 percent) of IT decision-makers believe that their organization’s firewall is effective at keeping out unauthorized users. Yet, nearly half (44 percent) admit that their organization’s firewall has been breached or do not know if it has been breached. In addition, more than 60 percent are not confident that data would be secure if unauthorized users were able to penetrate their network’s perimeter security.
Security Investments Favor the Perimeter vs. Defense in Depth
The survey results illustrate that despite the increasing number of network breaches and data record losses, businesses are continuing to invest more of their IT budgets in perimeter security and breach prevention technologies versus defense-in-depth strategies that include strong multi-factor authentication and data encryption. In the first half of 2014 alone, more than 375 million customer records were stolen, an increase of 31 percent compared to the same period last year, according to the SafeNet Breach Level Index (BLI).
The research found that 93 percent of IT decision-makers say that their organizations’ investments in perimeter security has either increased or stayed the same over the past five years, with an average of 9 percent of IT budget currently spent purchasing, deploying, and maintaining firewall technology. For the next twelve months, respondents planned to continue this trend, spending approximately the same amount (9.05 percent) on firewall technology.
Two-thirds of IT decision makers (67 percent) also admit that they would not decrease spending on perimeter defenses, such as firewall technology, in favor of other technologies. In fact, if asked to get rid of one method to protect sensitive data, the majority would eliminate anomaly detection (49 percent) or data security measures like encryption (24 percent) rather than perimeter security (15 percent).
Low Confidence in Breach Prevention and Keeping Cybercriminals Out
In addition, despite a high degree of confidence in the effectiveness of perimeter security, IT decision makers expressed lower confidence in their companies’ ability to protect data against growing security threats, with the research revealing that:
- Over half (60 percent) are not confident that data would be secure if unauthorized users penetrated their network’s perimeter security.
- Two-fifths (41 percent) said they think unauthorized users are able to access their networks.
- One-third (34 percent) of IT decision makers reported that they have become less confident with the security industry’s ability to detect and defend against emerging security threats
- One-quarter of IT decision makers (25 percent) admit that if they were a customer of their organization, they would not trust the company to store and manage their personal data.
- Over half (53 percent) suggest that high-profile data breaches in the news have driven their organization to change their security strategy.
"The research findings reveal some interesting contradictions between the perception and the reality of data security," said Tsion Gonen, chief strategy officer, SafeNet. "What’s worrying is that so many organizations are still putting all of their eggs in one basket when it comes to data security. Perimeter security technologies are just one layer of protection, but too many companies rely on them as the foundation of their data security strategy when, in reality, the perimeter no longer exists. From the sheer volume of data breaches alone, it’s clear that if a cybercriminal wants to hack the system or steal data, they will find a way to do so. So companies need to focus on what matters most – protecting the data. That means building more intelligent security strategies and using defense-in-depth with multi-factor authentication and placing security directly on the data with encryption."
About the Data Security Confidence Index
The research conducted by Vanson Bourne on behalf of SafeNet polled more than 1000 individuals across the U.S., UK, Europe, Middle East and Asia-Pacific. Respondents comprised of security and IT executives from a range of industries, including financial services, healthcare, manufacturing, public sector, telecommunications, utilities, retail, construction, insurance, legal and more. The full report can be found here.
About the Breach Level Index
The BLI provides a centralized, global database of data breaches and calculates their severity based on multiple dimensions, including the type of data and the number of records stolen, the source of the breach, and whether or not the data was encrypted. By assigning a severity score to each breach, the BLI provides a comparative list of breaches, distinguishing nuisances from truly impactful mega breaches. Information populating the BLI database is based on publicly available breach disclosure information.