Four in ten organisations did not experience a security breach in 2015 and believe they are less vulnerable than a year ago, according to research.
In a survey of IT professionals, 43% said their organisation did not suffer a breach last year, compared to 30% who did. However, a quarter (27%) thought their organisation was less vulnerable a year ago.
More than twice as many said their time to detect a threat decreased in 2015 than those who said it increased (42% versus 18%), and 38% said their time to respond to a threat decreased, compared to 28% who said it increased.
Organisations whose security posture improved over the past year found success by implementing a handful of vital security technologies and best practices.
Among those who said their organisations are less vulnerable than a year ago, respondents pointed to the introduction or improvement of tools such as patch management, configuration change management, intrusion prevention and detection, data encryption, log analysis, and identify management.
Endpoint security software topped the list of the most important technologies or practices for ensuring IT security, with 81% identifying it as critical or very important, followed by patch management software (75%) and identity and access management tools (68%).
More than half also identified configuration management software (58%) and SIEM software (51%) as critical or very important to ensuring IT security.
But despite these positive developments, IT departments must still be vigilant against the threat and consequences of security breaches.
Of those whose organisations experienced a security breach in 2015, 38% said the breaches were of medium to major severity.
More than three-quarters (77%) of the organisations breached in 2015 store customer data, with a third of those storing data on at least 100,000 customers.
Three in ten respondents said they expect their organisations to suffer a security breach in 2016, with 79% of them storing customer data and 38% storing customer banking information.
>See also: Busting the 7 myths of cyber security
Increasingly distributed data and the increasing sophistication of attacks tied as the number one factor most commonly thought to make an organisation more vulnerable.
“The most surprising finding of the survey is just how many UK organisations are less vulnerable today than they were a year ago, and, on a related note, how many have implemented security technologies and better security training,” said Mav Turner, director of business strategy at SolarWinds, which commissioned the research.
“While this is a sign the industry is trending in the right direction, it’s important for IT professionals to never get too confident in their organisations’ security posture, which could potentially result in overestimating one’s defences.”