Two-thirds of major global corporations have experienced a security breach, and 20 percent of those report having a breach within the past year.
At least that’s the indication from a survey of more than 1,000 IT personnel from large companies, conducted by data protection firm Vormetric and analyst firm 451 Research.
The companies wanted to find out how worried IT managers at large corporations were about security breaches and what their experiences have been with system break-ins.
They learned that those surveyed are plenty worried, and with good cause. For instance, 96 percent said they felt vulnerable to a data breach, and 63 percent said they’d been through such a trauma.
However, preventing a breach was not IT’s top priority. When asked about that, 61 percent listed “meeting compliance requirements” as their top priority; preventing a security breach was listed as number one by 40 percent.
Breaches have gotten the attention of the budget setters. Six in 10 respondents said they were spending more this year to prevent a breach. But, said Garrett Bekker, senior analyst, information security at 451 Research and the author of the report, their spending is often misguided, based upon protective action that worked in the past but doesn’t work so well in the current data environment.
“IT security professionals are spending heavily on what has worked for them in the past,” said Bekker. “They are continuing to invest in defenses like network and endpoint security offerings that offer little help in protecting data once perimeters have been breached.”
The survey found health care organizations in particular aren’t taking the steps they need to protect their data. In part, that’s because these organizations have been behind the curve on safeguarding their systems from the start. But they are also extremely focused on compliance, to an extent that diverts their attention from security, Bekker said.
“Compliance is only a step towards health care IT security,” he said. “As we learned from data theft incidents at health care organizations that were reportedly HIPAA compliant, being compliant doesn't necessarily mean you won't be breached and have your sensitive data stolen.”
Health care respondents revealed high levels of concern about storing their data in the cloud, the report said. But they are nonetheless following the trend and moving their data there, which in effect means that their data is even more at risk than in pre-cloud storage days, because of the industry’s lack of data management sophistication.