author photo
By Courtney Theim
Tue | Mar 14, 2017 | 3:02 PM PDT

Even though spending on IT security is increasing (thank goodness), so is the frequency of data breaches.

According to Thales' 2017 Data Threat Report, the expectation that IT budgets will grow in 2017 has risen to 73%, up from 58% in 2016. 

Almost 68% of companies reported having been breached at some point, while 26% reported a data breach in the last year alone (up from 21.7% the past year). 

And 88% of the 1,105 IT executives surveyed say they feel vulnerable to data attacks. Those feeling "extremely vulnerable" rose from 8.2% to 9.1%. 

Garrett Bekker, Principal Analyst at 451 Research and author of the report, says in a press release: “One possible explanation for this troubling state? Organizations keep spending on the same solutions that worked for them in the past but aren’t necessarily the most effective at stopping modern breaches. Data protection tactics need to evolve to match today’s threats. It stands to reason that if security strategies aren’t equally as dynamic in this fast-changing threat environment, the rate of breaches will continue to increase.”

The study found that compliance is the main driver in adopting security practices (44%), over seeking to implement the actual best practice (38%). Interestingly, in 2016, brand recognition was one of the top reasons for implementing security practices (at 50%), which dropped to 36% in 2017.

While 59% believe being compliant will prevent data breaches from happening, Bekker points out, “Compliance is a minimum table stake for regulated enterprises... but being compliant does not mean you won’t be breached.” 

Beyond compliance, the report recommends moving beyond just your compliance recommendations, especially into the realm of better encryption and access control. Everything from your containers to your IoT devices should have some level of encryption, as well as varying levels of access.

Data is based on respondents from Australia, Brazil, Germany, Japan, the UK, and the U.S., in these industries: automotive, education, energy, engineering, federal government, healthcare, IT, retail, and telecommunications.