With every email now a target and every piece of data at risk, the need for data protection maturity has never been higher. According to the new Data Protection Maturity study released today by Lumension®, a global leader in endpoint management and security, IT security departments are responding with better policies, improved technology approaches and financial commitment.
More than 700 IT professionals from around the globe responded to the study, now in its fourth year and released in support of Data Privacy Day. Recognising the importance of today’ data security threats, 51 percent of organisations now maintain multiple data protection policies, up 16 percent from when this question was first asked in 2012. In 2014, 27 percent consider their data security policies exhaustive while 18 percent say their policies are minimal, a decrease of 30 percent since 2012.
“Organisations are making progress in securing their data and that points to greater appreciation for today’s cyber risk reality,” said Chris Merritt, director, solution marketing, Lumension. “Threats will of course continue to increase in number and severity but it seems IT now has the ear of their leadership and some progress is being made.”
Organisations report a continued need to defend against many different types of attacks however – 57 percent cite malware, 23 percent say software vulnerability exploitation and 19 percent say denial of service attacks. They also struggle with related IT risks. Top on the list this year is accidental data loss by employees, say 40 percent. Up 10 percent over last year, this is also the largest increase.
To combat these risks, organisations are also implementing security training. Of those that do, 46 percent say they offer security training on a formal and ongoing basis and 28 percent do so on an informal and ad hoc basis. Both of these figures have increased over last year. However, nine percent say they offer no security training.
Among the top trends in IT, mobile remains influential and those realities are reflected in the survey results. Just eight percent maintain an “open access” policy. One-fifth allow access with employee education and 16 percent limit access to higher-level staff. One-quarter permit “controlled access,” while more than one-quarter restrict access.
“It’s interesting to note that BYOD access is gradually opening up and becoming less restrictive. It’s difficult to pinpoint why but it’s likely due in part to the tidal wave of millennials who view it as a right, not a privilege, or it could be because of the near universal penetration of phones in society,” Merritt said.
Respondents also indicated their organisations are placing improved emphasis on security all the way through to their IT budgets. Those that assign less than two percent of their IT budgets to security fell 26 percent over last year and those that dedicate as much as 10 percent grew by 34 percent. Two-thirds of respondents consider their resource allocation sufficient for data protection policies and best practices.