Tick-box GDPR Compliance and High Cyberattack Volumes Put European Data at Risk

Wiesbaden, Germany – 03 May 2023 – comforte AG announces research revealing that European IT and security leaders may be dangerously over-confident in their ability to avoid cyberattacks and mitigate the risk of serious data compromise.

comforte AG commissioned Censuswide to interview 503 IT Security Specialists and Chief Information Officers across the UK, France and Germany.

The findings reveal that most organizations have suffered a serious cyberattack.

Over half (54%) of respondents say their company suffered an attack 1-3 times in the past 24 months, while a fifth (20%) claim to have been attacked 4-6 times in the same time period. Only 18% managed to avoid an attack.

Yet despite their experiences, the vast majority (85%) of respondents are somewhat or very confident they’ll avoid an attack over the coming 24 months. And if they are breached, responding organizations believe that it will take them just two hours on average to detect a compromise.*

This apparent over-confidence in enterprise threat prevention, detection and response capabilities is doubly concerning because it seems to have encouraged complacency over data protection.

Three-quarters (76%) of those interviewed admit they’re taking a tick-box approach to GDPR compliance, which involves doing the bare minimum on data privacy and security. And although most (97%) have a contingency plan in place should they get breached, a quarter (26%) have not tested it.

The research also uncovers awareness gaps around data risk.

Around two-thirds of respondents say their organization considers customer (66%) and financial data (63%) to be “risky.” But the figure drops to 60% for employee data, and even further for intellectual property (45%) and health data (28%).

In fact, health-related data is classified as “special category” data by the GDPR, meaning it requires more protection.

The security and awareness gaps highlighted in the report could be down to the fact that only a quarter (25%) of respondents say their organization has been fined in the past due to data breaches.

“Data is the number one asset that any organization holds, and they shouldn’t wait until it’s too late to take action. Our research clearly shows that serious attacks are a matter of when, not if,” said comforte CTO, Henning Horst. “By deploying data-centric security today, enterprises can mitigate the worst impacts of a potential breach tomorrow, and drive digital transformation initiatives forward with confidence.”

Although 87% of respondents say their security budget will likely increase this year, nearly two-thirds (64%) still view data protection as a hurdle to digital transformation, rather than a driver for projects.

*Separate research reveals that the global mean time to identify and contain a breach stood at 277 days in 2022.

About comforte

comforte AG is a leading provider of data-centric security technology. Today, more than 500 Enterprises worldwide rely on its tokenization and format-preserving encryption capabilities to secure the sensitive data that they have been entrusted with. The comforte Data Security Platform seamlessly integrates into the most modern cloud-native environments as well as traditional core systems. No matter where your data is, it helps you discover, classify and protect it. With more than With 20 years of experience in data security and protection of truly mission-critical systems, comforte AG is the perfect partner for organizations who want to secure their growth by protecting their most valuable asset: data.

The comforte Data Security Platform enables automated continuous discovery of sensitive data with near-real-time updates and the ability to protect structured sensitive data inside files, applications, data lakes, and databases - hybrid, cloud, SaaS, and on-prem. The platform also provides continuous data security at rest, in motion and in use, and deploys in a fraction of the time of traditional, API-driven solutions. By leveraging standards-based data encryption, tokenization, and masking, the comforte Data Security Platform provides granular audit and control for regulatory compliance.

Fore more information, also follow us on LinkedIn and Twitter.