EMERYVILLE, Calif.–(BUSINESS WIRE)– Tanium, a provider of unified endpoint management and security, has unveiled global research ahead of the second anniversary of the European Union’s General Data Protection Regulation (GDPR). The research shows misalignment between data privacy regulation spending and business outcomes.

Specifically, as businesses spend tens of millions on compliance, over 90 percent have fundamental IT weaknesses that leave them vulnerable and potentially non-compliant, says Tanium.

The global study of 750 IT decision makers revealed that organizations have spent on average $70.3 million each to comply with the GDPR, the California Consumer Privacy Act (CCPA), and other data privacy regulations over the past year. Most organizations have hired new talent (81 percent), invested in workforce training (85 percent) and introduced new software or services (82 percent) to ensure continued compliance.

In addition, 87 percent of organizations have set aside or increased their cyber liability insurance by an average of $185 million each, to deal with the potential consequences of a data breach.

However, despite this increased investment, organizations still feel unprepared to deal with the evolving regulatory landscape, with over a third (37 percent) claiming that a lack of visibility and control of endpoints[1] is the biggest barrier to maintaining compliance with regulations such as GDPR, says Tanium.

Increased spending not solving visibility challenges

This lack of visibility into how organizations see and manage endpoints such as laptops, servers, virtual machines, containers and cloud infrastructure causes major challenges. In fact, the study revealed major visibility gaps in the IT environment of most organizations prior to the pandemic.

Ninety four percent of IT decision makers have discovered unknown endpoints within their IT environment, and 71 percent of CIOs said they find new endpoints on a weekly basis.

Mass home working and employee use of personal devices is likely to exacerbate these problems, expanding the corporate attack surface. When compliance relies on understanding what tools you use, what endpoints you have and what data you hold across the entire organization, these visibility gaps are dangerous.

What is causing visibility gaps?

The majority (91 percent) of respondents acknowledged fundamental weak points within their organizations that are preventing a comprehensive view of their IT estate.

These visibility gaps are being caused by a lack of unity between IT, operations and security teams (39 percent), a lack of resources to effectively manage their IT estate (31 percent), legacy systems which don’t give them accurate information (31 percent), shadow IT (29 percent) and too many tools used across their business (29 percent).

The research found that firms have implemented an average of 43 separate security and operations tools to manage their IT environments. Tool sprawl like this further limits the effectiveness of siloed and distributed teams, adding unnecessary complexity.

Tech leaders are concerned about the consequences

In the study, IT leaders cited concerns that limited visibility of endpoints could leave their company more vulnerable to cyberattacks (53 percent), damage the brand reputation (39 percent), make risk assessments harder (33 percent), impact customer churn (31 percent) and lead to non-compliance fines (23 percent).

Respondents also revealed a false sense of confidence when it came to compliance readiness. Ninety percent of IT decision makers said they were confident of being able to report all required breach information to regulators within 72 hours.

But with nearly half (48 percent) reporting they have challenges in getting visibility into devices on their network, this confidence appears to be misplaced — a single missed endpoint could be a compliance violation waiting to happen.

You can find the full Visibility Gap report at tanium.com.

Methodology

Tanium commissioned independent market research specialist Vanson Bourne to conduct the research upon which this report is based. A total of 750 IT decision makers, including CIOs and CISOs, were surveyed in September/October 2019 across the United States, United Kingdom, Australia, France, Germany, The Netherlands, Japan and Canada. The respondents were from organizations with at least 1,000 employees internationally and could be from any sector.

Contacts

Tanium
Brooke Hamilton, +44 7909 525099
brooke.hamilton@tanium.com