Norman Blog

insight, opinion & information

 
 

Many Mid-Size European Businesses Face Security Challenges

Mid-Sized European Businesses Not Meeting the Challenge of Data Security

Many mid-sized businesses may believe that they are too small for attackers to target, but this assumption is far from valid. Any organization that stores information – whether it’s customer records, product data or trade secrets – is at risk for data loss. Yet, according to a recent study by PricewaterhouseCoopers (PwC) of 600 mid-sized companies in the UK, France, Germany, the Netherlands, Spain and Hungary, mid-sized European businesses are not doing a great job of accepting and managing that risk. The study, “Beyond Cyber Threats: Europe’s First Information Risk Maturity Index,” found that many mid-sized European businesses are failing to protect sensitive data and are not taking employee-borne data threats seriously.

To highlight the gap between what companies should be doing and what they are actually doing, PwC measured 34 separate practices organizations should have in place to protect information. Organizations could earn a maximum score of 100 on the index, but on average, businesses scored 40.6, which indicates there is a lot of work to be done to get data protection practices to an acceptable level.

Financial services and pharmaceuticals firms performed better than other industries, but in general, the lack of sound data security practices was concerning. The study found:

  • 60% of respondents were unsure if employees had the right tools to manage data security risks
  • Only 36% of businesses had a specific person or team in place responsible for information risks
  • A quarter of businesses attributed more than 60% of their financial losses to accidental breaches by insiders
  • Only 1% of mid-market companies saw information risk as the responsibility of everyone in the organization

The impacts of data breaches are significant. Last year, small to medium European businesses lost an average of 2-4 days at a cost of £15,000 – £15,000, had an incident response cost of £4,000 – £7,000, direct financial loss due to fines and compensation to customers of £3,000 – £5,000 and indirect loss of £10,000 – £10,000. Few small to medium-sized businesses can easily afford these costs.

Protecting sensitive data is not all about tools; organizations must train employees on security policies and consistently reinforce the messages to ensure staff are aware of what is expected. Once sound policies are established, tools can help monitor and enforce rules and guidelines.


 
 
Norman

The Author:

Made up of various contributors' opinions and insights - the power of the collective.
