With the recent Panama Papers leak, other high profile data security breaches such as those involving TalkTalk and JD Wetherspoon, the Snowden revelations about mass internet data surveillance, and with the EU’s new data protection guidelines due to come into force in under 2 years time (the GDPR) it is little wonder that a recent poll has shown that UK firms are now putting their data protection money where their mouths are.
Although data protection is now very much on the business agenda across Europe it appears that the UK businesses are leading the field in data protection investment.
The results of the TechTarget / Computer Weekly IT Spending Priorities survey as published recently on the Computer Weekly website show that in terms of investment by UK firms compared to firms elsewhere in Europe there has been a marked shift away from 2015’s access management (IAM) towards data loss prevention.
For example 38% of UK firms are putting data loss prevention as their top priority unlike other European firms whose top priorities (at 29%) are access management and network-based security according to consolidated European survey results.
Even though UK businesses are ahead of the trend in data protection spending, the poll of 1,000 respondents with nearly one fifth of them from the UK shows greater emphasis across Europe for data protection this year. The continued high priority of identity and access management (IAM) is a sign that European firms generally see the improvement of their IT governance, risk and compliance capabilities and encryption as areas that they need to take very seriously in the run up to the introduction of GDPR.
The high priority given to single sign on systems that typically use strong passwords in European (25%) and UK firms (35%) show an improvement in technology for and attitudes to information security.
Although apparent investment in perhaps less secure network-based security is still high in Europe and the UK (perhaps to boost network visibility), investment in application-based security tools across Europe and the UK is worryingly low given the recent trend of attacks affecting application layers.
The recent poll also appears to show faith in old technologies to provide adequate protection fading as investment in e.g. next-generation firewalls heads downwards.
Predictably the poll shows a rise in investment from UK and European firms in the planned investment in mobile devices security (40% across Europe), cloud security (27%) + hybrid cloud and management infrastructure (29%) in the UK, and security relating to the internet of things (IoT).
This poll indicates that as a UK business you are already likely to be giving a much higher priority to your data and cyber security than ever before, and that you regard this as a vital area for investment both now and in the future.
Security of your data and systems is now likely to be something that is no longer just responsibility of your IT department, but is something that with the aid of investment, training and raised awareness is the responsibility of all members of your organisation to uphold in their daily work.
Although you may have incorporated and had greater leverage from (e.g. mobile devices and IoT), you may not yet have invested in improving their security but it looks likely you'll need to invest more in this in the near future.