Home →Security →Why Being Compliant Does Not Mean Being Secure

Why Being Compliant Does Not Mean Being Secure

By Karen A. Frenkel | Posted 02-18-2016

1 of

Why Being Compliant Does Not Mean Being Secure

While the majority of organizations feel vulnerable to data threats, they mistakenly equate compliance with security.
Rates of Data Breaches Rise

61% of respondents say they experienced a data breach in the past, up slightly from last year's survey at 58%.
Organizations Feel Vulnerable

91% of organizations worldwide feel vulnerable to data threats, whether internal or external, and one-third feel either very vulnerable or extremely vulnerable.
Holding Steady

39% of respondents say their organization has experienced a data breach or failed a compliance audit. That number has held steady for two prior surveys despite more overall data breaches.
Best Practices

Compliance is the top reason for securing sensitive data and spending on data security, but implementing security best practices posted the highest gain across all regions.
Data Security Spending to Increase

58% of respondents say spending to protect against data threats will be either somewhat higher (46%) or much higher (12%), up slightly from 56% in 2014.
Denial About Data Threats

Although 61% of respondents experienced a breach in the past, only 21 cite past data breaches as a reason for securing sensitive data.
High-Profile Breaches Aren’t Motivators

Only 26.8% cited competitors' breaches, such as Sony, Home Depot or Target, as motivators for increased attention to data security.
Compliance and Security Equated

64% of respondents view compliance requirements as either very effective or extremely effective in preventing data breaches, up from 59% last year.
Who Favors Compliance the Most?

IT, health care, financial services and retail are most confident about the effectiveness of compliance requirements. 27% of IT respondents say it is "very effective."
Times Have Changed, Security Strategies Have Not

Although most respondents expect to increase spending to protect sensitive data, network security outdid all other categories in terms of intended increased spending, at 48%. Security, event management and endpoint security followed at 43% each.
Disconnect Between Budgets and Protecting Sensitive Data

$40 billion is spent annually on information security products—most on legacy security technologies like firewalls, anti-virus software and intrusion prevention—yet data breaches continue to increase in both frequency and severity.
- Why Being Compliant Does Not Mean Being Secure
  
  View Slideshow »
View All Slideshows >

Organizations continue to equate compliance with security, fostering the mistaken belief that meeting compliance requirements leads to a more secure enterprise. In fact, data breaches are rising in organizations certified as compliant, a new study revealed. In many cases, investments in IT security controls are misplaced because most focus on perimeter defenses that consistently fail to halt breaches and increasingly sophisticated cyber-attacks, according to the study. Vormetric, an enterprise data security firm, issued the survey, "2016 Vormetric Data Threat Report," with think-tank 451 Research. The annual report polled 1,100 senior IT security executives at large enterprises worldwide. It details rates of data breach and compliance failures, perceptions of threats to data, data security postures and IT security spending plans. "Being compliant doesn't necessarily mean you won't be breached and have your sensitive data stolen," said Garrett Bekker, senior analyst of Enterprise Security at 451 Research. "But organizations don't seem to have gotten the message, with nearly two-thirds (64%) rating compliance as very or extremely effective at stopping data breaches."

Karen A. Frenkel writes about technology and innovation and lives in New York City.