Some 78 percent of organisations polled The Thales 2018 Data Threat Report plan on increasing their IT security spending in 2018, up from 73 percent globally in 2017, and including nearly 86 percent of US organisations.
But most are ramping up expenditure on things that are the least effective in securing data, while spending less on security approaches that are deemed most effective.
For example, perceived effectiveness of securing data at rest, at 77 percent, was rated as exceeding network security at 75 percent. Meanwhile endpoint security was last in terms of effectiveness. But perversely, endpoint has the highest planned spending globally at 57 percent - compared to spending on security at rest which came bottom at 40 percent.
The report also notes how in the past years, compliance has been the main driver of setting security spending priorities, this year, at 37 percent, compliance was overtaken by fear of financial penalties from data breaches, with 39 percent putting ‘avoidance of financial penalties' as the top concern, though GDPR and PSD2, plus APPI changes in Japan will have an impact in the year ahead..
Further bad news is that successful breaches have reached an all-time high for both mid-sized and enterprise class organisations, with more than two thirds (67 percent) of global organisations and nearly three fourths (71 percent) in the US having been breached at some point in the past.
Other findings include 71 percent of enterprises already gathering data for IoT initiatives with security concerns a major impediment to deployment.
SaaS is the new tech most likely to house sensitive data (45 percent globally)
Use of containers is growing 40 percent annually, expected to reach US$ 2.7 billion (£1.9 billion) by 2020.
Blockchain is expected to disrupt virtually all business models and industries globally, incking Public Key Infrastructure and identity management. Complexity, or the perception that data security is complex, remains the top barrier to implementing effective data security says the report, at 43 percent globally.
More than twice as many respondents chose encryption as the top means of ensuring compliance and privacy compared to number two choice, tokenisation.
Multi-cloud strategies are increasingly adopted, with 84 percent globally choosing more than one IaaS vendor, and 34 percent using more than 50 SaaS applications. Thales' report, aimed at answering the question,“What will it take to stop the breaches?” is based on research surveying 1,200+ senior executives from across the globe, including respondents from key regional markets such as the US, UK, Germany, Japan, Sweden, the Netherlands, Korea and India. Whilst all 1,200 have some influence in data security decision-making, more than one third (34 percent) have major influence on these decisions and nearly half (46 percent) have sole authority in decision making.
In this year's report, India, Korea, Sweden and the Netherlands replaced responses from countries such as Australia, Brazil and Mexico. However, the US, UK, Germany and Japan have been a part of the two prior reports with 800 respondents data being included.
As with Thales' previous reports, the base questions from the previous year are still included, however, several new questions are added that are centered around the new technologies that firms are using to drive their digital transformation. Specifically, the new questions this year (of which there are five) centre around the prevalence of multi-cloud adoption, securing Big Data environments, the security impact of machine learning and AI, mobile payments and blockchain. In summary, Thales have tried to keep comparative consistency from year to year, while at the same time permitting the report to evolve.
Also listen to Thales' upcoming Webinar on SC Media UK: