Statistics show that almost half of all organizations suffered at least one serious security incident / data breach in the past 12 months, a figure which grows year-to-year. Some estimates place the figure higher, closer to three-quarters of all organizations. In healthcare, the percentage of organizations who have suffered a significant data breach or security incident ranges from 68% of organizations in the past year to 91% in the past two years. With this in mind, one would assume that organizations would be hesitant to declare themselves “confident” in preventing a data breach. Unfortunately, new data reveals that organizations are overconfident in their security posture, a position that is likely to open them up to unnecessary risk.
According to the Breach Confidence Index released by Ilex International, conducted by YouGov, 83% of organizations claimed to be “fairly” or “very” confident that their business was secure against a data breach. The report, based on 530 IT decision-makers in the UK, showed that 51% of organizations believed that they had suffered a data breach, a number well-below average. As the survey notes, this number does not reflect a better security posture, but rather the underreported figures are likely attributed to a lack of awareness that a security incident has occurred, since reporting of security breaches is (currently) not required.
“With the UK being a leading economic centre and a major target for cyberattacks, the high confidence level is worrying and completely misplaced. The Breach Confidence Index shows that businesses have a false sense of security which could result in an increase in security breaches,” noted Thierry Bettini, Director of International Strategy at Ilex International.
Just as fear can cause an organization to make irrational security responses, the lack of fear (this overconfidence) can cause organizations to be complacent in their security preparedness. We see this same overconfidence when organizations assume that “compliant” is the same thing as “protected,” which it is not.
It’s critical that organizations realize that data breaches can never be completely avoided, even with the best security posture, but the impact of a data breach can be minimized with preparedness. From proactive monitoring and reporting, to detection and response procedures, deploying a layered approach to security that extends beyond “good-enough” protection is the most effective strategy to keep sensitive information private and ultimately avoid legal and financial recourse. Learn more about how Absolute can provide the adaptive endpoint security your organization needs to always stay in control of devices and the data they contain.