Why Being Compliant Does Not Mean Being Secure

 
 
By Karen A. Frenkel  |  Posted 02-18-2016 Email
 
 
 
 
 
 
 
 
 
  • Previous
    Why Being Compliant Does Not Mean Being Secure
    Next

    Why Being Compliant Does Not Mean Being Secure

    While the majority of organizations feel vulnerable to data threats, they mistakenly equate compliance with security.
  • Previous
    Rates of Data Breaches Rise
    Next

    Rates of Data Breaches Rise

    61% of respondents say they experienced a data breach in the past, up slightly from last year's survey at 58%.
  • Previous
    Organizations Feel Vulnerable
    Next

    Organizations Feel Vulnerable

    91% of organizations worldwide feel vulnerable to data threats, whether internal or external, and one-third feel either very vulnerable or extremely vulnerable.
  • Previous
    Holding Steady
    Next

    Holding Steady

    39% of respondents say their organization has experienced a data breach or failed a compliance audit. That number has held steady for two prior surveys despite more overall data breaches.
  • Previous
    Best Practices
    Next

    Best Practices

    Compliance is the top reason for securing sensitive data and spending on data security, but implementing security best practices posted the highest gain across all regions.
  • Previous
    Data Security Spending to Increase
    Next

    Data Security Spending to Increase

    58% of respondents say spending to protect against data threats will be either somewhat higher (46%) or much higher (12%), up slightly from 56% in 2014.
  • Previous
    Denial About Data Threats
    Next

    Denial About Data Threats

    Although 61% of respondents experienced a breach in the past, only 21 cite past data breaches as a reason for securing sensitive data.
  • Previous
    High-Profile Breaches Aren’t Motivators
    Next

    High-Profile Breaches Aren’t Motivators

    Only 26.8% cited competitors' breaches, such as Sony, Home Depot or Target, as motivators for increased attention to data security.
  • Previous
    Compliance and Security Equated
    Next

    Compliance and Security Equated

    64% of respondents view compliance requirements as either very effective or extremely effective in preventing data breaches, up from 59% last year.
  • Previous
    Who Favors Compliance the Most?
    Next

    Who Favors Compliance the Most?

    IT, health care, financial services and retail are most confident about the effectiveness of compliance requirements. 27% of IT respondents say it is "very effective."
  • Previous
    Times Have Changed, Security Strategies Have Not
    Next

    Times Have Changed, Security Strategies Have Not

    Although most respondents expect to increase spending to protect sensitive data, network security outdid all other categories in terms of intended increased spending, at 48%. Security, event management and endpoint security followed at 43% each.
  • Previous
    Disconnect Between Budgets and Protecting Sensitive Data
    Next

    Disconnect Between Budgets and Protecting Sensitive Data

    $40 billion is spent annually on information security products—most on legacy security technologies like firewalls, anti-virus software and intrusion prevention—yet data breaches continue to increase in both frequency and severity.
 

Organizations continue to equate compliance with security, fostering the mistaken belief that meeting compliance requirements leads to a more secure enterprise. In fact, data breaches are rising in organizations certified as compliant, a new study revealed. In many cases, investments in IT security controls are misplaced because most focus on perimeter defenses that consistently fail to halt breaches and increasingly sophisticated cyber-attacks, according to the study. Vormetric, an enterprise data security firm, issued the survey, "2016 Vormetric Data Threat Report," with think-tank 451 Research. The annual report polled 1,100 senior IT security executives at large enterprises worldwide. It details rates of data breach and compliance failures, perceptions of threats to data, data security postures and IT security spending plans. "Being compliant doesn't necessarily mean you won't be breached and have your sensitive data stolen," said Garrett Bekker, senior analyst of Enterprise Security at 451 Research. "But organizations don't seem to have gotten the message, with nearly two-thirds (64%) rating compliance as very or extremely effective at stopping data breaches."

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 

Submit a Comment

Loading Comments...