Survey shows that 95% of companies trust their perimeter, despite mounting breaches

More than 95% of UK businesses are confident in the ability of their perimeter security to keep attackers out of their IT networks, despite the growing number of breaches and attacks.

The news, which comes as part of Gemalto’s annual Data Security Confidence Index, reveals that UK businesses are operating under a false sense of security when it comes to their data.

Despite Gemalto’s Breach Level Index report for 2016 revealing that UK businesses suffered over 100 data breaches last year, accounting for more than 50 million data records, more than half of UK companies surveyed said that they were extremely confident that their data would not be compromised in the event of a breach.

“As a security professional, it feels like I’ve been saying forever that basic perimeter security measures are no longer enough,” said Gemalto’s director of data protection product strategy, Joe Pindar. “So it’s worrying to see that the UK is continuing to place ultimate faith in these systems, without thinking about what attackers actually want — their data.”

“Without a switch in mentality, and starting to protect the data at its source with robust encryption and two-factor authentication, the UK is like one of the three little pigs. Unfortunately, the one sitting in the straw house — not realising that when the time comes, passwords and perimeter security alone will not stand up to attackers.”

The survey, which polled 100 UK firms in addition to companies in other territories, also revealed that the majority of companies are still unprepared for the arrival of GDPR. More than 50% of respondents stated that they did not believe they would be compliant by May next year, when the legislation comes into force.

“Investing in cybersecurity has clearly become more of a focus for businesses in the last 12 months,” said Jason Hart, vice president and chief technology officer for data protection at Gemalto.

“However, what is of concern is that so few are adequately securing the most vulnerable and crucial data they hold, or even understand where it is stored. This is standing in the way of GDPR compliance, and before long the businesses that don’t improve their cybersecurity will face severe legal, financial and reputational consequences.”