Almost 90% of UK organisations feel vulnerable to both internal and external data threats to sensitive data, with 23 percent feeling ‘very or extremely’ vulnerable, according to a report by data protection company Vormetric.

When asked to pick the three most important reasons for securing sensitive data, half of the responding companies stated ‘reputation and brand protection’, ‘compliance requirements’ was named by 47%, with ‘implementing best security practices’, given by 41%. IT security spending plans contrasted with this, with compliance requirements the top priority at 48% while reputation and brand protection dropped to second at 45%. A worrying 46% of UK organisations have experienced a data breach at some stage, with nearly one in five being breached in the last 12 months.

The results were announced as part of the European edition of Vormetric’s Data Threat Report which collates responses from senior IT security executives at large enterprises worldwide, including 100 from UK organisations.

“For UK-based organisations, protecting reputation and brand integrity was the top reason for securing sensitive information at 50 percent,” says Garrett Bekker, senior analyst, information security, at 451 Research and author of the report. “But IT security spending plans tell another story, with compliance the top priority, while reputation and brand protection spending dropped to 45 percent. Clearly, organisations are having trouble prioritising their budgets to best ensure the safety of customers and the viability of their business.”

The report also found that 42% of UK respondents planning to adopt Internet of Things (IoT) technologies say protecting sensitive data generated by an IoT device is their biggest security concern. Looking ahead, planned IT security spending by UK organisations for the next 12 months is highest for ‘network defences’ (42%), ‘analysis and correlation tools’ (39%) and ‘endpoint and mobile defences’ (38%).

Although there is a growing appreciation that the impact a data breach has on a brand’s reputation should not be underestimated, UK organisations continue to strongly associate compliance with security, despite data breaches continuing to affect organisations that have been certified as compliant. “Compliance does not ensure security,” says Bekker. “As we learned from data theft incidents at companies that had reportedly met compliance mandates, being compliant doesn’t necessarily mean you won’t be breached and have your sensitive data stolen. UK organisations don’t seem to fully appreciate this, with almost half rating compliance as a top reason for protecting data, and with compliance the topmost IT security spending priority.”

With nearly one in five UK organisations experiencing a breach in the last 12 months, it is unsurprising that many are planning increased security spending over the coming year. However, most are planning investments in tools like network and endpoint defences which Vormetric warns have been proven to be largely ineffective against current threats to company data. Louise Bulman, vice president of EMEA for Vormetric, says: “It’s surprising and concerning that companies are continuing to over-rely on tools that consistently fail against modern, multi‐layered attacks. Technology that concentrates fundamentally on controlling access to data is a far more affective approach, and one which can bring about additional benefits by enabling technologies like cloud, big data and IoT which may otherwise have been deemed too risky.”

Share Story: