Ensighten, the global leader in data security, governance and omni-channel data management, unveiled research showing that nearly half (46%) of enterprises believe they have a probable (or greater) risk of a website data breach. 15 per cent of enterprises also admitted that they have a definite, known risk. 67 per cent have not evaluated, considered, or yet implemented marketing security for their website.
The research, which investigated the views and attitudes of enterprises on marketing security, found that 41 per cent had already experienced a marketing security incident. Moreover, the study revealed that 13 per cent only review the security of their customer data just once every six months. This creates a risk to customer data security and privacy, as well as the regulatory risks to brands under the GDPR compliance regime.
Unwitting Culture of Risk Taking
Just 30 per cent of enterprises that participated in the survey stated that they were completely prepared in the event of a website breach. 10 per cent admitted that they don’t measure vulnerabilities and areas of potential data leakage at all. The majority of enterprises (56%) that had experienced some kind of breach were at least putting new security measures in place, but it took a slip-up to make improvements a priority. Such attitudes foster a culture of inadvertent risk taking with sensitive, valuable customer and enterprise data that results in large numbers of breaches year-on-year.
When exploring what was most likely to cause a data breach, malware (24%) and human error (24%) were cited as the highest-ranking factors. But when specifically looking at marketing security (MarSec), poor management systems (39%) and insufficient budgets (38%) were the most common challenges to blame for large enterprises’ security vulnerabilities.
Lack of budget is reflected by the annual average amount enterprises put aside for the protection of their customer data – coming in at just £20,000. 17 per cent of enterprises with over 5,000 employees also confessed they only spend between as little as £1,000 to £20,000 on the protection of customer data each year.
Ian Woolley, Chief Revenue Officer, at Ensighten commented: “It’s astonishing that nearly half of enterprises admit they are at risk of a website breach – and some are only checking security measures just once every six months. This is a global problem. We should question why enterprises aren’t taking better care of their data. It shouldn’t take a leak or breach to inspire action to improve marketing security when customer details are so sensitive. Prevention is better than cure. Brands must put the safety of their customers’ data first.”
MarSec is the real-time control and management of enterprise and customers’ data on a website to prevent leakages of data and PII. Despite more scrutiny on data governance following GDPR, the research reveals that over a third (37%) of enterprises were unaware of the concept.
On average just 27 per cent of enterprises’ total security budget is spent on marketing security – the primary touch point for most customer interactions. This lack of investment is highlighted by only 44 per cent of companies stating that they had full control/oversight over who has access to make changes on their website.
“A lot of enterprises are on the brink of a website breach by failing to put a holistic security strategy in place. Enterprises must properly assess their MarSec strategies and defences to protect their customers – and ultimately their reputation and future,” continued Woolley.