Survey: European Organisations Must Do Better on Data Protection

Cyber security company Sophos announced the results of its latest research Thursday, highlighting attitudes among end-users towards security and data protection across Europe. The research, conducted by Vanson Bourne, reveals that 84% of respondents agree Europe needs stronger data protection laws, but 77% are not confident their organisations comply with the current regulations.

Of the 1,500 professional consumer and office workers surveyed across the UK, France and Germany, the majority confirmed that they were concerned about both their personal data (79%) and their corporate data (65%). However, while 91% of respondents had at least one safeguard in place when it came to protecting personal data, only 59% had antivirus. Furthermore, almost half (49%) said their organisation either did not have a data protection policy in place, or if it did had not communicated this to its employees.

The research, which was designed to gauge end-users’ understanding and awareness of data protection ahead of the new EU reforms, showed that of those surveyed, only 23% were completely confident their organisations complied with current data protection regulations. About 50% confessed to either: not knowing what encryption was (7%); not knowing whether their organisation had it in place (23%); or said that their organisation did not have it in place (20%). Only 23% could confirm if their organisations encrypted both employee and customer data.

Mobile device security

The report also examined end-user attitudes to mobile device security with nearly all respondents (98%) agreeing that the data is to an extent more important than the device itself. However, despite this, a quarter confessed to storing corporate information on their personal laptops and mobile phones, with almost one in five (19%) revealing they had lost a personal or mobile device at one point.

Furthermore, when it came to securing mobile devices, while the majority (64%) of respondents’ organisations implemented passwords to secure mobile devices, only 31% of those with company phones knew if they were encrypted as well. This compared with 51% of those with company laptops who could clarify their laptops were encrypted, highlighting the continued willingness to accept mobiles as a risk.

Sharing data

The majority of respondents agreed that information was the most valuable asset, with almost all (95%) saying that they needed to share, send and access corporate data from any device or location in order to work effectively. The research also unveiled that 66% of respondents do not always check whether the data is safe to share, and in order to share data more easily two thirds (64%) were prepared to use shadow IT and personal cloud services to circumvent their organisations’ IT restrictions and security policies.

Attitudes to cloud storage also differed in each country. Overall, 31% said their organisation allowed them to use cloud storage solutions like Dropbox in the workplace. However in the UK this increased to 44%, with only 27% allowed in France and 23% in Germany. A further 11% were not allowed to use cloud storage solutions like Dropbox but did so anyway. Likewise it was respondents from the UK who were more likely to share data in the cloud: 52% versus 40% in France and 34% in Germany.

Data protection legislation

Fully 61% of respondents said it was important we have stronger laws on data protection governing all European countries. Interestingly, this broke down to 54% of respondents in the UK, 68% of respondents in France and 62% in Germany.

There were also differences in opinion between the three countries with regard to the security of personal data: at 86%, France was more concerned than either the UK (78%) or Germany (74%). Germany was particularly unconcerned about cybercriminals getting hold of data (29%), compared with 49% in France and 45% in the UK. Equally, France was more concerned about the security of corporate data (76%) compared to 62% in the UK and 59% in Germany.

Interestingly, 60% of employees in the UK, compared with 43% in France and 50% in Germany, said their organisation had a data protection policy and it had been clearly communicated. In addition, the larger the organisation, the more likely users were to be aware of a data protection policy.

“With cybercrime at an all-time high organisations need to ensure the right data protection policies are in place to safeguard employee and customer data,” said Gerhard Eschelbeck, CTO, Sophos. “It’s clear from this research that despite the majority of end-users understanding the importance of information and the need to safeguard it, they are still prepared to ignore the dangers to make their lives easier. If we are to beat cybercrime, organisations need to ensure that the right policies are in place, not only to safeguard business critical information but also meet the needs of the employees.”


Related reading