comforte AG have announced research revealing that European IT and security leaders may be dangerously over-confident in their ability to avoid cyberattacks and mitigate the risk of serious data compromise.
comforte AG commissioned Censuswide to interview 503 IT Security Specialists and Chief Information Officers across the UK, France, and Germany. The findings reveal that most organisations have suffered a serious cyberattack.
Over half (54%) of respondents say their company suffered an attack 1-3 times in the past 24 months, while a fifth (20%) claim to have been attacked 4-6 times in the same time period. Only 18% managed to avoid an attack.
Yet despite their experiences, the vast majority (85%) of respondents are somewhat or very confident they’ll avoid an attack over the coming 24 months. And if they are breached, responding organisations believe that it will take them just two hours on average to detect a compromise.
This apparent over-confidence in enterprise threat prevention, detection and response capabilities is doubly concerning because it seems to have encouraged complacency over data protection.
Three-quarters (76%) of those interviewed admit they’re taking a tick-box approach to GDPR compliance, which involves doing the bare minimum on data privacy and security. And although most (97%) have a contingency plan in place should they get breached, a quarter (26%) have not tested it.
The research also uncovers awareness gaps around data risk.
Around two-thirds of respondents say their organisation considers customer (66%) and financial data (63%) to be “risky.” But the figure drops to 60% for employee data, and even further for intellectual property (45%) and health data (28%).
In fact, health-related data is classified as “special category” data by the GDPR, meaning it requires more protection.
The security and awareness gaps highlighted in the report could be down to the fact that only a quarter (25%) of respondents say their organisation has been fined in the past due to data breaches.
“Data is the number one asset that any organisation holds, and they shouldn’t wait until it’s too late to take action. Our research clearly shows that serious attacks are a matter of when, not if,” said Henning Horst, CTO of comforte AG. “By deploying data-centric security today, enterprises can mitigate the worst impacts of a potential breach tomorrow, and drive digital transformation initiatives forward with confidence.”
Although 87% of respondents say their security budget will likely increase this year, nearly two-thirds (64%) still view data protection as a hurdle to digital transformation, rather than a driver for projects.
*Separate research reveals that the global mean time to identify and contain a breach stood at 277 days in 2022.