Businesses face an unprecedented set of information security risks in 2017. They are suffering a growing number of data breaches, but their compliance risks are also mounting. Organisations must address cybersecurity and privacy, not just because they face financial and reputational fallout if they don’t, but also because regulators can penalise them for inadequate protection.

Against this backdrop, NTT Security interviewed 1,350 decision makers in businesses in 11 countries to find out how they viewed information security risk, and what they were doing to mitigate it. The findings are presented in our Risk:Value Report 2017 which is available to download now here and a follow up to our 2016 report.

This year’s report examines several key areas, including where data was physically stored, the impact of new compliance requirements, and how well businesses communicated information security policies to staff. It broadens an already comprehensive picture of global cybersecurity preparedness.

The results from the research are mixed. On the one hand, companies are making headway in the fight to secure their data. They are showing improvements in key areas, such as storing data securely, investing in cybersecurity measures and cyber insurance.

Nevertheless, there are several gaping holes in cybersecurity preparedness. Companies are unaware of how or even whether security-related regulations affect them. In fact, 19 per cent admit they don’t know which compliance regulations they are subject to, and just 40 per cent believe they will be subject to the impending General Data Protection Regulation (GDPR).

With data management and storage a key component of GDPR, the Risk:Value report also reveals that a third of businesses do not know where their data is stored, while just 47 per cent say all of their critical data is securely stored. Of those that know where their data is, fewer than half describe themselves as ‘definitely aware’ of how new regulations will affect their organisation’s data storage.

With this in mind, it is more important than ever that businesses adopt appropriate information security processes, procedures and technologies to protect themselves and their customers from compromise. How do they view the current risks surrounding information security? What have they done to mitigate those risks?

What’s clear is that global businesses must bite the bullet and invest in cybersecurity. This isn’t simply a financial exercise. It also takes an inspired and engaged workforce to create a cultural shift within the organisation. Cybersecurity is a journey, not a destination.

For more findings on the attitudes to risk and the value of information security to the business, download the NTT Security Risk:Value Report now: