Cybersecurity: Why businesses in EMEA are behind the US

Recently released, the 2018 State of the Firewall Report 2018 – FireMon’s fourth annual survey of over 300 security practitioners around the world – found chronic deficiencies in basic firewall hygiene. Respondents were clear that chaos and confusion reign with existing firewall infrastructure, and next-gen architectures promise to add even more complexity and risk.

But how do the EMEA results differ from the overall results? They certainly make for some surprising reading.

According to the May 2017 strategic note Building an Effective European Cyber Shield from the European Political Strategy Centre, a 2014 study estimated the economic impact of cybercrime in the Union to stand at 0.41% of EU GDP, with Europol later estimating the cost at 265 billion euro per year. In addition, the European Union Network and Information Security Agency (ENISA) reports that while record growth was seen in security investments in 2017, this did not deter the growth of cyberattacks, data breaches, and information loss.

Given these numbers, you’d think cybersecurity and firewall management would be a top priority. But that is not what our survey showed.

Despite the reports of increasing risks, attitudes towards the firewall are not changing in EMEA, according to our report. US respondents are more likely to say the firewall is “more critical than ever before”, whereas respondents in EMEA view do not see an increase in criticality; they see the firewall as just as critical as always, regardless of the increase in threats.

Businesses in EMEA also have a different view of firewall management as part of cloud services. According to our findings:

  • EMEA respondents have less hybrid/public cloud adoption than the US
  • 48% respondents from the US who have partially adopted cloud services view firewall services with high value, whereas only 7% of EMEA respondents see firewall services this way
  • EMEA respondents are less likely to know who is responsible for cloud operations, with 33% respondents saying they weren’t sure who was responsible, versus 17% in the US
  • EMEA respondents are less likely to use third-party firewalls in their cloud environments than the US

From an innovation standpoint, EMEA is less likely to embrace technological advances with EMEA respondents less likely to consider or use Software-Defined Networking (SDN) (24%) or Virtualization (33%) than the US, at (44%) and (57%) respectively.

So why could this be?

It may be that certain organisations in EMEA aren’t aware of the risks of firewall failures in cloud environments. Overall, US businesses tend to be more cognisant of the risks. From a cloud perspective, we can cite numerous examples of a breach routed in a third-party cloud environment that did not follow the same policy as the on-premises environment. In the US, one high-profile example is the cloud security breach at Target, which was a wake-up call to businesses and consumers alike.

EMEA businesses may work with the cloud in a piecemeal way to reduce compliance issues, and increase the chances of a cloud project being given the go-ahead. We’re certainly seeing that through our conversations with customers. As more cloud transformation teams form inside small- to medium-sized organisations, we’ll also see responsibilities shifting in terms of how cloud environments are run – and who will take ultimate responsibility for them.

For more information, you can download the full report here, or contact us for more information.