Employees and IT professionals in German organizations are more confident about their ability to resist the growing risks of cyber attacks and insider threats than their counterparts in the US, UK and France. Those are among the findings from a new study.
The survey was conducted by the Ponemon Institute and sponsored by Varonis Systems, Inc.
The survey report, ‘Differences in Security Practices and Vigilance Across UK, France, Germany and US,’ compares the responses of IT professionals and end-user employees in these four countries. The total of 3,027 respondents included 1,109 people in the United States, 670 people in Germany, 655 people in the UK, and 593 people in France, who work in organizations ranging in size from dozens to tens of thousands of employees in a variety of industries including financial services, public sector, health care and life sciences, retail, industrial, and technology and software.
The key findings include:
- Employees in the UK, France, Germany, and the US all say insiders who are negligent are more likely to put the organization’s data at risk than external attackers or insiders acting with malicious intent.
- 50 percent of German employees say they take all appropriate steps to protect the company data they access and use, compared with 39 percent of UK employees, 37 percent of French employees and 35 percent of US employees.
- 44 percent of German employees say their organizations strictly enforce policies against the misuse or unauthorized access to company data, well above the responses to the same question in the UK (35 percent), US (32 percent) and France (29 percent).
- 39 percent of IT professionals in Germany believe their organizations fully enforce a strict least privilege model (which means access to company data only on a need-to-know basis) for file shares and other collaborative data stores, much higher than the confidence levels in the US (29 percent), France (25 percent) and UK (23 percent).
- Although German IT pros are least likely to say their organizations have experienced ransomware (12 percent compared with 17 percent in the US, 16 percent in France and 13 percent in the UK), they express the highest levels of concern about the threat of ransomware (83 percent very or extremely concerned in Germany compared with 80 percent in France, 77 percent in the US and 63 percent in the UK).
- Asked if their organizations have experienced the loss or theft of data in the last two years, the highest response among IT people was in the US (82 percent), followed by France (80 percent), UK (76 percent), and Germany (64 percent).
- In Germany, both employee end users (30 percent) and IT staff (45 percent) are more likely than in the other countries to believe their management would accept a decline in productivity in order to prevent security risks. The same question produced less optimism about this balance in the UK (25 percent of employees, 34 percent of IT), France (23 percent of employees, 35 percent of IT), and the US (21 percent of employees, 30 percent of IT).
- The top three security threats that most concern IT professionals differ in each country:
- France: Insiders who are negligent: 67 percent, outside attackers who compromise insider credentials: 53 percent, malicious contractors: 40 percent
- UK: Insiders who are negligent: 61 percent, outside attackers who compromise insider credentials: 55 percent, malware: 47 percent
- US: Insiders who are negligent: 61 percent, outside attackers who compromise insider credentials: 55 percent, malware: 47 percent
- Germany: Outside attackers who compromise insider credentials: 66 percent, malware: 46 percent, malicious contractors: 41 percent (insiders who are negligent ranked fourth: 36 percent).