Safety and controls in country comparison
When it comes to the rising risk of cyberattacks and insider threats, employees and IT experts in German companies are more confident than their counterparts in France, the UK and the US. Study.
In the study "Differences in Security Practices and Vigilance Across UK, France, Germany and US." the responses of IT experts and end users from the four countries mentioned are compared. In total, over 3000 study participants took part (USA: 1109; Germany: 670; UK: 655; France: 593). All respondents are employed by organizations with a few dozen to several tens of thousands of employees from various industries.
The three biggest concerns in a country comparison
The three security threats of most concern to IT professionals were different in each of the four countries:
- Germany: Outside attackers stealing credentials from insiders (66%); malware (46%); suppliers with bad intentions (41%). Negligent insiders ranked fourth with 36%.
- France: Negligent insiders (67%); outside attackers stealing insiders' credentials (53%); suppliers with bad intentions (40%)
- United Kingdom (UK): Negligent insiders (61%); Outside attackers stealing insider credentials (55%); Malware (47%).
- USA: Negligent insiders (61%); Outside attackers stealing insider credentials (55%); Malware (47%).
Other key findings of the study:
- Employees in France, the United Kingdom, and the United States agree that negligent insiders pose a greater risk to corporate data than outside attackers or insiders acting maliciously.
- 50% of employees in Germany say they take all necessary measures to protect the corporate data they use. In the UK, this was only 39%, in France 37% and in the USA 35%.
- 44% of German employees also say that their company strictly enforces policies against misuse of or unauthorized access to data. In the UK (with 35%), the USA (with 32%) and France (with 29%), however, this figure was significantly lower.
- 39% of IT experts in Germany believe that their organization rigorously implements the principle of minimal rights assignment for file shares and other shared data stores, i.e., employees access only the corporate data they really need. Only 29% of respondents in the USA, 25% in France and 23% in the UK hold this view.
- Although German IT experts were the least likely to state that their company had already fallen victim to ransomware (12% compared to 17% in the US, 16% in France and 13% in the UK), ransomware causes them the most headaches in a country comparison: 83% of German IT experts expressed great or extreme concern here. In France, this figure was 80%, in the USA 77% and in the UK 63%.
- The number of companies and organizations whose data was lost or stolen in the last two years is highest in the U.S. (82%), followed by France (80%), GB with 76%) and Germany (64%).
- In a country comparison, most end users (30%) and IT staff (45%) in German organizations are of the opinion that their management would accept lower productivity if this would reduce security risks. By contrast, respondents in the UK (25% of employees, 34% of IT professionals), France (23% of employees, 35% of IT professionals) and the U.S. (21 % of employees, 30% of IT professionals) were less optimistic.
Larry Ponemon of the eponymous institute, comments: "Cultural and business norms vary from country to country, especially when it comes to balancing employee privacy and corporate security. This can affect how companies perceive insider threats and cyberattacks, how prepared they are for them, and how resilient they are. In terms of the frequency and magnitude of data breaches and data thefts, the curve is still steeply upward. Typically, far more employees and third parties can access sensitive data than necessary. Monitoring access and activity in email and file systems is a very important component when it comes to protecting data. Senior management and IT security executives have a responsibility to improve communications so that all employees and vendors know exactly how they can help protect important and sensitive data."
The study was conducted by the Ponemon Institute and funded by Varonis Systems, Inc. sponsored.