Why Being Compliant Does Not Mean Being Secure
While the majority of organizations feel vulnerable to data threats, they mistakenly equate compliance with security.
61% of respondents say they experienced a data breach in the past, up slightly from last year’s survey at 58%.
91% of organizations worldwide feel vulnerable to data threats, whether internal or external, and one-third feel either very vulnerable or extremely vulnerable.
39% of respondents say their organization has experienced a data breach or failed a compliance audit. That number has held steady for two prior surveys despite more overall data breaches.
Compliance is the top reason for securing sensitive data and spending on data security, but implementing security best practices posted the highest gain across all regions.
58% of respondents say spending to protect against data threats will be either somewhat higher (46%) or much higher (12%), up slightly from 56% in 2014.
Although 61% of respondents experienced a breach in the past, only 21 cite past data breaches as a reason for securing sensitive data.
Only 26.8% cited competitors’ breaches, such as Sony, Home Depot or Target, as motivators for increased attention to data security.
64% of respondents view compliance requirements as either very effective or extremely effective in preventing data breaches, up from 59% last year.
IT, health care, financial services and retail are most confident about the effectiveness of compliance requirements. 27% of IT respondents say it is “very effective.”
Although most respondents expect to increase spending to protect sensitive data, network security outdid all other categories in terms of intended increased spending, at 48%. Security, event management and endpoint security followed at 43% each.
$40 billion is spent annually on information security products—most on legacy security technologies like firewalls, anti-virus software and intrusion prevention—yet data breaches continue to increase in both frequency and severity.