UK the most security-breached country in Europe, but organisations aren’t feeling the threat
Critical information systems, cybersecurity and data security provider, Thales, reports that the UK was Europe’s most data security-breached country in 2017. This is according to the 2018 Thales Data Threat Report, European Edition.
However, despite a 24% increase in the number of attacks – figures rose from 43% to 67% year on year – British businesses claimed to feel less vulnerable to data threats, than businesses across Germany, Sweden and the Netherlands.
Last year saw a number of extremely high-profile cyber-attacks hit Europe, with ransomware cryptoworm, WannaCry and wider-reaching malware, Bad Rabbit, crippling thousands of systems including the UK’s National Health Service (NHS). Large-scale names such as Equifax, Accenture and T-Mobile also became victims of cyber-crime, putting both their data and reputations at risk.
- While more organisations across Sweden (78%) and the Netherlands (74%) admitted to being breached in the past – as opposed to 67% in the UK – the last 12 months was a different story.
- 37% of businesses across the UK were breached
- 33% of German respondents were breached
- 30% of organisations in Sweden were breached
- 27% of respondents across the Netherlands were breached
Appearing unaffected by the rise in attacks, just 31% of UK organisations said they feel ‘very’ or ‘extremely’ vulnerable to data threats, leaving the majority (69%) feeling ‘somewhat’ or ‘not at all’ vulnerable Businesses across Sweden claimed to feel the most vulnerable (49%), followed by the Netherlands (47%) and Germany (36%).
Mapping the spend trend
Despite 7 in 10 respondents (69%) feeling just ‘somewhat’ or not at all vulnerable to cyber-attacks, the same ratio of UK organisations reported an overall increase in their IT security spending, with 15% outlining it to be ‘much higher’ than last year. This rise was, however, still less than spend in both Sweden (in which three quarters of businesses have upped their budgets to offset threats) and Germany (76%).
While 72% of organisations overall have dedicated more money to IT security, British businesses appeared to still fall short compared with their European counterparts. Almost two in every five (39%) Swedish respondents admitted their budget was ‘much higher’ than last year, while an additional 36% claimed it to be ‘somewhat higher’. The Netherlands and France both followed suit, with 29% and 24% spending a lot more this year on security.
A dip in compliance
The timeframe from announcement to implementation for the European General Data Protection Regulation (GDPR) gave organisations plenty of time to prepare themselves for compliance. However, the report results tell a different story, with high rates of failure for compliance audits, especially in the last year.
Businesses in Sweden ranked highest for failure, with almost half (49%) missing the mark for compliance audits. Those across the Netherlands were next in line at 38%, closely followed by Germany at 33%. On the other hand, 19% of UK organisations reported failing data security audits in the last year.
Aside from the UK, all other European countries showed decline in their efforts to meet compliance, a worrying set of results with so many changes to standards and regulations. Despite this drop, respondents across the board all cited compliance as being effective when it comes to preventing data breaches.
Peter Galvin, chief strategy officer, Thales eSecurity says: “A tidal wave of data breaches is continuing to roll across Europe, with three in every four organisations now a victim of cyber-crime. As a result, people are feeling more vulnerable than ever before, worried about where the next threat will come from, and in what form.
To stand the best chance of success against these advanced attacks, businesses need to dedicate the appropriate level of attention, budget and resource into safeguarding their sensitive data, wherever it happens to be created, shared or stored. The deployment of encryption is a well-recognised strategy to mitigate the risk of data breaches and cyber-attacks as well as protect an organisation’s brand, reputation and credibility”