93% of Japanese Enterprises Vulnerable to Data Threats, 39% Experienced a Data Breach
2016 Vormetric Data Threat Report – Japan
SAN JOSE, Calif. – March 10, 2016 – Thalesesecurity, a leader in enterprise data security for physical, virtual, big data, public, private and hybrid cloud environments, today announced the results of the Japan Edition of the 2016 Thales eSecurity Data Threat Report (DTR). The report is issued in conjunction with analyst firm 451 Research with polling for the report featuring the responses of 1,100 senior IT security executives at large enterprises worldwide, and over 100 in Japan. This edition of the 4th annual report extends earlier findings in the global report, and cloud, big data and IoT edition with findings about Japanese enterprise leader’s perceptions of threats to data, rates of data breach failures, data security stances and IT security spending plans. Critical findings:
- 93 percent of Japanese organizations feel vulnerable to data threats
- 39 percent had experienced a past data breach, indicating that there are good reasons for this fear
- Top external threats recognized were Cyber-terrorists at 77 percent and Cyber-criminals at 76 percent
- In spite of threats and vulnerabilities, only 31 percent are increasing spending to protect sensitive data
“Data breaches are happening everywhere, and Japan is not immune,” said Garrett Bekker, senior analyst, information security, at 451 Research and the author of the report. “Clearly, IT security leaders in Japan are worried about data breaches, but are being held back from adding data-centric security by lack of budget (49 percent) and a perception of complexity (44 percent), while also increasing spending in legacy technologies like network and anti-virus that are not able to ensure the safety of data once attackers compromise networks and systems. ”
Positive results for Japanese enterprises
A realistic view of compliance – Slow moving compliance standards consistently fail to stop today’s multi-level, multi-phase attacks. Globally, many organizations that encountered a serious data breach were certified compliant with PCI or other standards. Yet 64 percent of global respondents believed that compliance was very or extremely effective at stopping data breaches. In contrast enterprises in Japan appear to be more realistic about compliance, with only 33% believing that it is highly effective at preventing data breaches.
Sensitive data in the cloud – Low rates of sensitive data use within cloud environments lead to lower risks. Japanese respondents reported rates of use of sensitive data within cloud environments at 37 percent for Software as a Service (SaaS) and Infrastructure as a Service (IaaS) as well as 39 percent for Platform as a Service (PaaS) environments. These rates were among the lowest world-wide. With low levels of sensitive data in these emerging technology environments, risks to data were also perceived to be low, with only 17 percent rating SaaS as a top three risk for sensitive data, and rates of top three risks to data at 11 percent for IaaS and PaaS.
Recognition of the risks of privileged users to data – The top internal threats to data were privileged users (system administrators and other IT personnel that manage and maintain systems and networks) at 49 percent, followed by ordinary employees at 45 percent and executives at 36 percent. This represents a positive change from last year when ordinary employees were rated the top threat at 56 percent and privileged users were third with only 36 percent. For many operating systems and applications, the roles of privileged users give them access to all the data available to the system or applications they manage, making them a primary risk for compromise of data internally, and their account information a primary target of external attackers attempting to steal data.
Potential exposures revealed by the report for Japanese enterprises
Top barriers to adoption of data security tools in Japan are cost and complexity – Lack of budget was cited as a primary barrier to adoption of data security technologies in Japanese organizations by 49 percent of respondents, followed by complexity at 44 percent, and lack of staff to manage at 37 percent. Lack of budget to address data security problems especially may help to explain the high level of vulnerability felt by enterprises (93 percent), and is also reflected in low levels of increased spending planned (31 percent).
Knowledge of where sensitive data is located – Only 21 percent believe that they have complete understanding of where their sensitive data is located. And although 65 percent claim some knowledge of sensitive data locations, this leaves a potentially very large set of sensitive data at risk within Japanese enterprises. Data security protections are the last line of defense after other defenses have failed, but must be placed around sensitive data. Without clear knowledge of where sensitive data is located, necessary precautions cannot be taken.
Increases in spending on IT security tools that don’t prevent data breaches – The areas where Japanese enterprises will increase spending are concentrated in tools that consistently fail to stop data breaches; Network defenses at 29 percent as well as end point and mobile defenses at 26 percent. Data-at-rest defense spending was only planned to increase for 20 percent of respondents.
“Clearly, IT security leaders in Japanese enterprises have a realistic view of their risks to data,” said Tina Stewart, Thales eSecurity vice president of marketing. “But low levels of spending on data security, and outdated investments in IT security technologies that are less effective at protecting data, are putting their organizations at risk.”
The research report is available from Thales eSecurity and can be found here.
About 451 Research
451 Research is a preeminent information technology research and advisory company. With a core focus on technology innovation and market disruption, we provide essential insight for leaders of the digital economy. More than 100 analysts and consultants deliver that insight via syndicated research, advisory services and live events to over 1,000 client organizations in North America, Europe and around the world. Founded in 2000 and headquartered in New York, 451 Research is a division of The 451 Group.
About Thales eSecurity
Thales eSecurity’s comprehensive high-performance data security platform helps companies move confidently and quickly. Our seamless and scalable platform is the most effective way to protect data wherever it resides—any file, database and application in any server environment. Advanced transparent encryption, powerful access controls and centralized key management let organizations encrypt everything efficiently, with minimal disruption. Regardless of content, database or application—whether physical, virtual or in the cloud—Vormetric Data Security enables confidence, speed and trust by encrypting the data that builds business.
Thales eSecurity USA
+1 (415) 591-8409
Jonathan Mathias / Matthew Watkins
+44 203 217 7069
VormetricTeam@finnpartners.comVormetric South Korea
+82 2 566-8898