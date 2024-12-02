The survey of 400 companies with more than 1,000 employees in the UK, France, Germany, Sweden and the Netherlands revealed that 80% rely on traditional approaches to security.

The survey shows that only 12% of respondents regard insider threats as being of high concern. More are concerned about viruses (67%), advanced persistent threats (APTs) (42%), phishing (28%) and poor user security practices (27%).

Respondents listed the top three obstacles to investigating threats from within the organisation as not knowing what to look for (40%), a lack of education and training (39%) and not understanding what normal looks like across different departments (36%).

While nearly all respondents recognise the need to use firewalls (98%) and anti-virus (96%), very few see the need to back them up with security analytics (15%) or user behaviour analytics and anomaly detection (12%) to detect breaches after they have happened.

Less than half of respondents have either a dedicated incident response team (41%) or a security operations centre (34%) in place.

Duncan Brown, research director at IDC’s European security practice, said the majority of organisations have experienced a data breach over the past two years, but the average time to discover a breach remains around eight months. According to Brown, organisations should take an analytics-driven approach to detect threats early and respond effectively.