“Mind the (breach) gap”: Gemalto research reveals businesses overly confident about keeping hackers at bay, but less so about keeping data safe

“Mind the (breach) gap”: Gemalto research reveals businesses overly confident about keeping hackers at bay, but less so about keeping data safe

  • 94% of IT professionals feel perimeter security is effective at keeping unauthorized users out of their networks
  • However, 65% are not extremely confident their data would be secure if perimeter defences were breached and 68% say unauthorized users can access their networks
  • Businesses are confident in meeting compliance mandates, despite 53% of companies believing they will not be fully compliant with General Data Protection Regulation (GDPR) when it becomes enforceable next year

Amsterdam, July 10, 2017 – Despite the increasing number of data breaches and nearly 1.4 billion data records being lost or stolen in 2016 (source: Breach Level Index), the vast majority of IT professionals still believe perimeter security is effective at keeping unauthorized users out of their networks. However, companies are under investing in technology that adequately protects their business, according to the findings of the fourth-annual Data Security Confidence Index released today by Gemalto (Euronext NL0000400653 GTO), the world leader in digital security.

Surveying 1,050 IT decision makers worldwide, businesses feel that perimeter security is keeping them safe, with most (94%) believing that it is quite effective at keeping unauthorized users out of their network. However, 65% are not extremely confident their data would be protected, should their perimeter be breached, a slight decrease on last year (69%). Despite this, nearly six in 10 (59%) organizations report that they believe all their sensitive data is secure.

Perimeter security is the focus, but understanding of technology and data security is lacking 

Many businesses are continuing to prioritize perimeter security without realizing it is largely ineffective against sophisticated cyberattacks. According to the research findings, 76% said their organization had increased investment in perimeter security technologies such as firewalls, IDPS, antivirus, content filtering and anomaly detection to protect against external attackers. Despite this investment, two thirds (68%) believe that unauthorized users could access their network, rendering their perimeter security ineffective.

These findings suggest a lack of confidence in the solutions used, especially when over a quarter (28%) of organizations have suffered perimeter security breaches in the past 12 months. The reality of the situation worsens when considering that, on average, only 8% of data breached was encrypted.

Businesses’ confidence is further undermined by over half of respondents (55%) not knowing where their sensitive data is stored. In addition, over a third of businesses do not encrypt valuable information such as payment (32%) or customer (35%) data. This means that, should the data be stolen, a hacker would have full access to this information, and can use it for crimes including identify theft, financial fraud or ransomware.

“It is clear that there is a divide between organizations’ perceptions of the effectiveness of perimeter security and the reality,” said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. “By believing that their data is already secure, businesses are failing to prioritize the measures necessary to protect their data. Businesses need to be aware that hackers are after a company’s most valuable asset – data. It’s important to focus on protecting this resource, otherwise reality will inevitably bite those that fail to do so.”

Most Businesses are unprepared for GDPR

With the General Data Protection Regulation (GDPR) becoming enforceable in May 2018, businesses must understand how to comply by properly securing personal data to avoid the risk of administrative fines and reputational damage. However, over half of respondents (53%) say they do not believe they will be fully compliant with GDPR by May next year. With less than a year to go, businesses must begin introducing the correct security protocols in their journey to reaching GDPR compliance, including encryption, two-factor authentication and key management strategies.

Hart continues, “Investing in cybersecurity has clearly become more of a focus for businesses in the last 12 months. However, what is of concern is that so few are adequately securing the most vulnerable and crucial data they hold, or even understand where it is stored. This is standing in the way of GDPR compliance, and before long the businesses that don’t improve their cybersecurity will face severe legal, financial and reputational consequences.”

About the survey

Independent technology market research specialist Vanson Bourne surveyed 1,050 IT decision makers across the US, UK, France, Germany, India, Japan, Australia, Brazil, Benelux the Middle East and South Africa on behalf of Gemalto. The sample was split between Manufacturing, Healthcare, Financial Services, Government, Telecoms, Retail, Utilities, Consultation and Real Estate, Insurance and Legal, IT and other sectors from organizations with 250 to more than 5,000 employees.

About Gemalto

Gemalto (Euronext NL0000400653 GTO) is the global leader in digital security, with 2016 annual revenues of €3.1 billion and customers in over 180 countries. We bring trust to an increasingly connected world.

From secure software to biometrics and encryption, our technologies and services enable businesses and governments to authenticate identities and protect data so they stay safe and enable services in personal devices, connected objects, the cloud and in between.

Gemalto’s solutions are at the heart of modern life, from payment to enterprise security and the internet of things. We authenticate people, transactions and objects, encrypt data and create value for software – enabling our clients to deliver secure digital services for billions of individuals and things.

Our 15,000+ employees operate out of 112 offices, 43 personalization and data centers, and 30 research and software development centers located in 48 countries.

For more information visit www.gemalto.com, or follow @gemalto on Twitter.

​​​​Gemalto media contacts

Philippe Benitez
Americas
+1 512 257 3869​
[email protected]​​

​​Kristel Teyras
​Europe Middle East & Africa
+33 1 55 01 57 89
[email protected]

Shintaro Suzuki
Asia Pacific
+65 6317 8266​
[email protected]

Vivian Liang
大中华地区  (Greater China)
+86 1059373046
[email protected]

​Find Gemalto’s Media Contacts in your region.