Businesses are over-confident when it comes to data breach defences

A new piece of research has raised further worries about data breaches, and specifically, the perception gap between the number of businesses who believe they've experienced a breach, and the actual numbers of data breaches occurring.

The research in question is the new Breach Confidence Index from Ilex International, an identity and access management company, which is based on a survey by YouGov that questioned just over 500 IT decision-makers in the UK.

It found a rather misplaced high level of confidence regarding breaches, with 24 per cent of those questioned saying they were very confident their organisation is protected against a possible breach, and a whopping 59 per cent saying they were fairly confident.

In other words, there's a good level of confidence from 84 per cent of businesses in terms of their defences, which obviously isn't a realistic figure given the amount of breaches that occur.

Of course, as Ilex pointed out, some firms may not even realise they've been the victim of a hack. Half of respondents – 49 per cent – said their organisation hasn't been hit by a security breach, yet when you compare that to the actual statistics there is a major disconnect.

The IT decision-makers surveyed were also asked what the most common weaknesses were that resulted in a security breach, and the foremost issue was, unsurprisingly, malware vulnerabilities which were responsible for 22 per cent of breaches.

Email security was only just behind that, though, on 21 per cent, with employee education (i.e. bad practices or user error from staff) in third place at 15 per cent.

Cloud apps were next at 12 per cent, also tied with insider threats (malicious actions from staff) on the same percentage.

Thierry Bettini, Director of International Strategy at Ilex, commented: “It’s important that businesses come to terms with the reality of data security breaches. If they don’t think they have been targeted yet, they will be and need to be prepared. As technology evolves and brings new security risks, businesses should be doing all they can to educate employees on security best practices and tighten access to sensitive data.”

Image Credit: Balefire / Shutterstock