Data breach firms ‘lack exec support for cloud security measures’
Written by Hannah McGrath
Nearly three quarters (67 per cent) of organisations that have suffered data breaches lack support from executive leadership for cloud security initiatives, according to a new study.
A global survey of 749 organisations by governance software vendor Netwrix highlighted that data security and cloud storage was one of the top security concerns for respondents from the UK, with nearly half (49 per cent) of organisations saying they store personally identifiable information (PII) in the cloud, while 43 per cent remain cautious, saying they would never store payment or financial data there.
A quarter of UK organisations that store their customer data in the cloud experienced at least one security incident during the preceding 12 months.
However, among organisations that store customer PII in the cloud, but did not classify all their data, 68 per cent experienced a security incident.
Three quarters of all organisations were not able to determine the threat actor behind a security incident, suggesting that threat detection and investigation remain a challenge for the vast majority of firms.
The survey also found that many organisations are lagging behind on measures to protect their cloud data, with 85 per cent of breached organisations saying that their cloud security budget did not increase in 2019.
A total of 67 per cent stated that their executive leadership teams don’t support their cloud security initiatives.
Furthermore, 55 per cent of organisations are not doing anything to strengthen their data security in the cloud, and half of those that are taking action will limit themselves to improving employee training.
Matt Middleton-Leal, EMEA and APAC general manager at Netwrix, said: “The survey revealed that, despite the GDPR, organisations still have very little visibility into what customer data they have and who has access to it.
“Lack of executive support hampers implementation of a security strategy, leaving organisations vulnerable to security threats – data discovery and classification will help organisations focus their security efforts on truly important data and choose appropriate controls within their limited IT budgets.”