Why Being Compliant Does Not Mean Being Secure | CIO Insight

Feb 18, 2016

While the majority of organizations feel vulnerable to data threats, they mistakenly equate compliance with security.

Rates of Data Breaches Rise

61% of respondents say they experienced a data breach in the past, up slightly from last year’s survey at 58%.

Organizations Feel Vulnerable

91% of organizations worldwide feel vulnerable to data threats, whether internal or external, and one-third feel either very vulnerable or extremely vulnerable.

Holding Steady

39% of respondents say their organization has experienced a data breach or failed a compliance audit. That number has held steady for two prior surveys despite more overall data breaches.

Best Practices

Compliance is the top reason for securing sensitive data and spending on data security, but implementing security best practices posted the highest gain across all regions.

Data Security Spending to Increase

58% of respondents say spending to protect against data threats will be either somewhat higher (46%) or much higher (12%), up slightly from 56% in 2014.

Denial About Data Threats

Although 61% of respondents experienced a breach in the past, only 21 cite past data breaches as a reason for securing sensitive data.

High-Profile Breaches Aren’t Motivators

Only 26.8% cited competitors’ breaches, such as Sony, Home Depot or Target, as motivators for increased attention to data security.

Compliance and Security Equated

64% of respondents view compliance requirements as either very effective or extremely effective in preventing data breaches, up from 59% last year.

Who Favors Compliance the Most?

IT, health care, financial services and retail are most confident about the effectiveness of compliance requirements. 27% of IT respondents say it is “very effective.”

Times Have Changed, Security Strategies Have Not

Although most respondents expect to increase spending to protect sensitive data, network security outdid all other categories in terms of intended increased spending, at 48%. Security, event management and endpoint security followed at 43% each.

Disconnect Between Budgets and Protecting Sensitive Data

$40 billion is spent annually on information security products—most on legacy security technologies like firewalls, anti-virus software and intrusion prevention—yet data breaches continue to increase in both frequency and severity.

Karen A. Frenkel

Karen A. Frenkel is a contributor to CIO Insight. She covers cybersecurity topics such as digital transformation, vulnerabilities, phishing, malware, and information governance.
