At its core, data loss is a people problem. In most cases, a careless people problem. That is the conclusion of Proofpoint’s inaugural 2024 Data Loss Landscape report.
Data can leave your organisation in a number of ways, be it via phishing, poor password hygiene or a simple mistake like an email sent to the wrong person (so-called misdirected email). However, no matter how your data finds itself outside the protections of your organisation, we can be sure of one thing – it did not get there on its own.
Based on Proofpoint data and survey responses from 600 security professionals in 12 countries, the 2024 Data Loss Landscape report explores the frequency, types and contributory factors behind data loss incidents around the world. Many universal themes emerged, with others specific to sectors and global regions. To better understand the data loss landscape in Europe and the Middle East, we’ve analysed the responses from the six countries in the region included in the report. Below is a summary of our findings.
Fewer incidents. Greater impact.
The rates of data loss incidents among organisations in Europe and the Middle East are lower than the global average. While this may appear wholly positive, the fact that a greater percentage of the region's individual organisations also report a higher number of incidents raises concern.
As is often the case, inadequate budgets and inefficient user training have a significant part to play in total incident counts. However, there is another factor contributing to this trend that the region is struggling to get under control: employee turnover.
Driven by staff churn, organisations in Europe and the Middle East have pinpointed departing employees as a significant area of risk for potential data loss.
Lack of budget fuels revenue loss
Companies in Europe and the Middle East are not alone when it comes to budgetary issues – but they appear to be feeling the strain more than most.
In comparison to the rest of the world, more countries in this region say that a lack of budget poses a significant challenge to protecting against data loss. While it’s positive that businesses in the region recognise the need to address data loss, the consequences of this budgetary-constrained environment run much deeper than data exposure - the region’s organisations also report business disruption and revenue loss at higher rates than the global average.
Compliance requirements focus attention
Preventing data loss is a top priority for organisations around the world. When asked what categories of data are the most important to protect, almost 60% of those surveyed said corporate data.
It’s not difficult to understand why. Corporate data loss can be devastating, with nearly 40% of organisations reporting reputation damage and one-third of respondents saying that their competitive position was weakened by corporate data exposure.
In Europe and the Middle East, where an even higher percentage are concerned about protecting corporate data, there’s another factor at play, too. Organisations in the region cited regulatory compliance requirements as the primary factor driving data loss prevention (DLP) efforts.
Security teams know they are falling short
Security teams around the world have a low opinion of their data protection capabilities. Just 38% say they have a mature DLP programme. The outlook in Europe and the Middle East is even more bleak. The region’s security professionals self-assessed their information programmes as less mature than their global peers. As for what is needed to put this right, most surveyed organisations point to improved anomaly detection and more proactive capabilities to detect and deter insider threats.
Investment in AI is a top priority
Understandably, given the assessment of their DLP capabilities, organisations across Europe and the Middle East recognise the need for further investment. Most of the region’s security professionals say budget increases will help bolster their information protection.
At the same time, there is a growing desire for greater investment in AI-powered tools to mitigate staff and skill shortages. With the ongoing shortfall in qualified security practitioners, AI is viewed as the solution to amplifying analyst output and efficiency while reducing the risk of burnout.
Is your DLP programme fit for purpose?
As the way we access, process and store data changes, we need to make sure our DLP and insider threat solutions change, too. What worked yesterday is not necessarily sufficient in today's cloud-first, hybrid-working and generative AI-enabled world.
In our upcoming webinar, we take a deep dive into the findings of the 2024 Data Loss Landscape report to outline the best ways to boost cyber resilience and keep your data safe from harm.
Register today to join us on Thursday 18 April at 13.00 GMT / 14:00 CET / 17:00 GST