UK businesses are investing heavily in security solutions and employee training in a bid to become and remain compliant with data protection regulations. But increased investment is not translating into desired outcomes.
This is according to a new report from endpoint visibility provider Tanium, which says businesses “still feel unprepared”.
Polling 750 IT decision makers (100 of whom were from the UK), Tanium found large UK organisations spent more than $66 million on data privacy and security solutions in the last 12 months. Investment was designed to ensure compliance with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
Businesses purchased software, hired new staff and trained existing employees. On average, they also increased their cyber liability insurance by $147 million.
Despite these measures, 93 percent still have “fundamental IT weaknesses” that leave them vulnerable and potentially non-compliant.
More than a third claim a lack of visibility and control over endpoints is the biggest barrier to maintaining compliance. Some IT decision-makers reported discovering endpoints they were not previously aware of on a weekly basis.
There are many reasons for this visibility gap, from a lack of unity between IT operations and security teams, to legacy systems that don’t provide accurate information, to various departments using shadow IT.
In some instances, decision-makers don’t have access to tools to effectively manage their IT estate, and in other cases too many tools are at play.
“While it’s encouraging to see businesses investing to stay on the right side of data privacy regulations, our research suggests that their considerable spending could be undermined by inattention to basic IT principles,” said Chris Hodson, Chief Information Security Officer at Tanium.
“Many seem to have fallen into the trap of thinking that spending a considerable amount of money is enough to ensure compliance. Yet without true visibility and control of all their IT assets, they’re creating vulnerabilities that can be exploited by malicious actors.”