Tanium Study: Over 90 percent of Global Organizations Surveyed Have Major Gaps in IT, Despite Tens of Millions Spent on Compliance Efforts

  • Global businesses have spent an average of $70m each over last year alone to meet new compliance regulations
  • Cybersecurity gaps are widespread, with shift to remote work exacerbating the problem
  • Despite some recent deferments, large data protection fines are the new normal

Emeryville, Calif., April 29, 2020 – Tanium, provider of unified endpoint management and security built for the world’s most demanding IT environments, has unveiled new global research ahead of the second anniversary of the European Union’s General Data Protection Regulation (GDPR). The research shows misalignment between data privacy regulation spending and business outcomes. Specifically, as businesses spend tens of millions on compliance, over 90 percent have fundamental IT weaknesses that leave them vulnerable and potentially non-compliant.

The global study of 750 IT decision makers revealed that organizations have spent on average $70.3 million each to comply with the GDPR, the California Consumer Privacy Act (CCPA), and other data privacy regulations over the past year. Most organizations have hired new talent (81 percent), invested in workforce training (85 percent) and introduced new software or services (82 percent) to ensure continued compliance. In addition, 87 percent of organizations have set aside or increased their cyber liability insurance by an average of $185 million each, to deal with the potential consequences of a data breach.

However, despite this increased investment, organizations still feel unprepared to deal with the evolving regulatory landscape, with over a third (37 percent) claiming that a lack of visibility and control of endpoints[1] is the biggest barrier to maintaining compliance with regulations such as GDPR.

Increased spending not solving visibility challenges

This lack of visibility into how organizations see and manage endpoints such as laptops, servers, virtual machines, containers and cloud infrastructure causes major challenges. In fact, the study revealed major visibility gaps in the IT environment of most organizations prior to the pandemic. Ninety four percent of IT decision makers have discovered unknown endpoints within their IT environment, and 71 percent said they find new endpoints on a weekly basis.
Mass home working and employee use of personal devices is likely to exacerbate these problems further, expanding the corporate attack surface. When compliance relies on understanding what tools you use, what endpoints you have and what data you hold across the entire organization – these visibility gaps are potentially dangerous.

Chris Hodson, Chief Information Security Officer at Tanium said, “While it’s encouraging to see global businesses investing to stay on the right side of data privacy regulations, our research suggests that their good work could be undermined by inattention to basic IT principles. Many organizations seem to have fallen into the trap of thinking that spending a considerable amount of money on GDPR and CCPA is enough to ensure compliance. Yet without true visibility and control of their IT assets, they’re leaving a backdoor open to malicious actors.”

What is causing visibility gaps?

The majority (91 percent) of respondents acknowledged fundamental weak points within their organizations that are preventing a comprehensive view of their IT estate.

These visibility gaps are being caused by a lack of unity between IT, operations and security teams (39 percent), a lack of resources to effectively manage their IT estate (31 percent), legacy systems which don’t give them accurate information (31 percent), shadow IT (29 percent) and too many tools used across their business (29 percent).

The research found that firms have implemented an average of 43 separate security and operations tools to manage their IT environments. Tool sprawl like this further limits the effectiveness of siloed and distributed teams, adding unnecessary complexity.

Tech leaders are concerned about the consequences

In the study, IT leaders cited concerns that limited visibility of endpoints could leave their company more vulnerable to cyberattacks (53 percent), damage the brand reputation (39 percent), make risk assessments harder (33 percent), impact customer churn (31 percent) and lead to non-compliance fines (23 percent).

Respondents also revealed a false sense of confidence when it came to compliance readiness. Ninety percent of IT decision makers said they were confident of being able to report all required breach information to regulators within 72 hours. But with nearly half (47 percent) reporting they have challenges in getting visibility into devices on their network, this confidence appears to be misplaced — a single missed endpoint could be a compliance violation waiting to happen.

Chris Hodson, Chief Information Security Officer at Tanium concluded: “GDPR and CCPA represent the beginning of a complex new era of rigorous data privacy regulations. Although some regulators have postponed large fines due to the current pandemic, it doesn’t defer the requirement for companies to ensure personal information is stored and processed using the strictest safeguards.

“Technology leaders need to focus on the fundamentals of unified endpoint management and security to drive rapid incident response and improved decision making. The first step must be gaining real-time visibility of these endpoints, which is a crucial prerequisite to improved IT hygiene, effective risk management, and regulatory compliance. With most teams working from home these days and many having to use their own devices, this has never been more important.”

The full Visibility Gap report can be found here.

Methodology
Tanium commissioned independent market research specialist Vanson Bourne to conduct the research upon which this report is based. A total of 750 IT decision makers, including CIOs and CISOs, were surveyed in September/October 2019 across the United States, United Kingdom, Australia, France, Germany, The Netherlands, Japan and Canada. The respondents were from organizations with at least 1,000 employees internationally and could be from any sector.

About Tanium
Tanium offers a unified endpoint management and security platform that is built for the world’s most demanding IT environments. Many of the world’s largest and most sophisticated organizations, including more than half of the Fortune 100, top retailers and financial institutions, and four branches of the US Armed Forces rely on Tanium to make confident decisions, operate efficiently and effectively, and remain resilient against disruption. Tanium ranks 7th on the Forbes list of “Top 100 Private Companies in Cloud Computing” for 2019 and 10th on FORTUNE’s list of the “100 Best Medium Workplaces.” Visit us at www.tanium.com and follow us on LinkedIn and Twitter.

Contact
Tanium
Brooke Hamilton, +44 7909 525099
[email protected]