1This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part, or disclosed to a third party without prior written consent of Thales - Thales © 2017 All rights reserved.

OPEN

2018 Thales Data Threat ReportTrends in Encryption and Data SecurityEuropean Edition

2This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part, or disclosed to a third party without prior written consent of Thales - Thales © 2017 All rights reserved.

THALES GROUP INTERNAL

2018 Thales Data Threat Report – respondent demographics

▌ European Enterprises100% - €84M+, £74M, US $100M67% - €420M+, £370M, US $500M39% - €840M+, £740M, US $1B

U.S.

Sweden

U.K.Netherlands

GermanyJapan

Korea

India

1,200+ SENIOR IT SECURITY EXECUTIVES SURVEYED GLOBALLY | 100 EACH UK, DE, NE, SWE |100 EACH KOREA, INDIA, JP | 500 U.S. TOTAL

3This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part, or disclosed to a third party without prior written consent of Thales - Thales © 2017 All rights reserved.

THALES GROUP INTERNAL

Data under siege across Europe

71% 32% 14%

Breached everAlmost 3 out of 4

have encountered a data breach

Breached in the last year

Breached multiple times

Have been breached in the last year and previously

European data breach rates by country

U.K.

37%

67%

Germany

33%

66%

Netherlands

27%

74%

Sweden

30%

78%

Breached ever Breached in the last year

Rates of data breaches across Europe

Breaches rise even as digital transformation expands threat landscapes and GDPR enforcement increases the painful consequences of a data breach

4This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part, or disclosed to a third party without prior written consent of Thales - Thales © 2017 All rights reserved.

THALES GROUP INTERNAL

Garrett Bekker –Principal Analyst for Information Security, 451 Research

Doing what we have been doing for decades is no longer working. The more relevant question on the minds of IT and business leaders is directly spoken: “What will it take to stop the breaches?”

5This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part, or disclosed to a third party without prior written consent of Thales - Thales © 2017 All rights reserved.

THALES GROUP INTERNAL

Data Security threats have changed and evolvedSecurity strategies have not

IT Security pros know data at rest security is most effective at protecting sensitive information – but aren’t prioritizing increased spending

Data of rest defences

Data in motion defences

Analysis & correlation tools

Network defences

Endpoint & mobile device defences

36%

73%

42%

72%

44%

69%

44%

68%

51%

60%

Rated very or extremely effective

Spending Increase

6This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part, or disclosed to a third party without prior written consent of Thales - Thales © 2017 All rights reserved.

THALES GROUP INTERNAL

Digital transformation is increasing risks

The problem: massive adoption combined with sensitive data

Adoption rates for digitally transformative technologies

Use Big Data Implement IoT Use Containers Working on or using mobile payments

Blockchain project implemented or in process

Use cloud

100% 97% 94% 94% 92% 92%

Rates of sensitive data use with digital transformation technologies

77% Cloud

41% Big Data

33% IoT

25%Containers

39%Mobile Payments

26%Blockchain

7This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part, or disclosed to a third party without prior written consent of Thales - Thales © 2017 All rights reserved.

THALES GROUP INTERNAL

How are enterprises responding? Increasing spending

IT Security Spending Plans For 2018

27%

21%

Much higherSomewhat higher

The same

Lower 8%

Garrett Bekker, 451 Research Principal Analyst, Information Security and author of the 2018 Thales Data Threat Report

"In Europe, as in the rest of the world, reports of major security breaches continue unabated, despite global efforts to fight back with increased security spending.”

45%

8This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part, or disclosed to a third party without prior written consent of Thales - Thales © 2017 All rights reserved.

THALES GROUP INTERNAL

How are enterprises responding? Making changes

Changing to address data privacy requirements

44%

12%

Encrypting personal data

Tokenising personal data

Migrating data

Using local cloud providers11%

21%

Implementing Data Security Tools To Protect DataImplementing these tools now

55%Data masking

54%Database and file encryption

50%Identity and access management

50%SIEMSIEM

9This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part, or disclosed to a third party without prior written consent of Thales - Thales © 2017 All rights reserved.

THALES GROUP INTERNAL

Cloud usage is the top problem

CloudThe top IT security spending priority

Using sensitive dataIn cloud environments

Using cloudEvery enterprises

using at least one of SaaS, IaaS or PaaS

100% 40% 77%

Multi-cloud usage is high, bringing even more risk 55%

56%

63%

Using 3 or more PaaS environments

Use more than 25 SaaS applications

Use 3 or more IaaS vendors

Garrett Bekker –Principal Analyst for Information Security, 451 Research

“As organisations increasingly engage with multiple cloud providers, who maintains control over encryption keys has become a huge potential issue, particularly for those who take advantage of native encryption services.”

10This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part, or disclosed to a third party without prior written consent of Thales - Thales © 2017 All rights reserved.

THALES GROUP INTERNAL

Cloud computing concerns and required security tools

Top Concerns with Cloud Computing

57% 55% 54% 52%

Security breaches/attacks at the

service provider

Lack of control over data location/data residency concerns

Managing monitoring and deploying multiple cloud

native security tools

Custodianship of encryption keys

Top IT Security Tools Needed to Expand Cloud Computing Use

43% 42%39% 39% 39%

Encryption with enterprise key management

Encryption with CSP key

management

SLAs for a data breach from the CSP

Compliance commitments

Detailed physical and IT security

information

Garrett Bekker –Principal Analyst for Information Security, 451 Research

“European respondents also identified encryption with keys controlled by the service provider (43%) as the top security control for public cloud, with a slight edge over encryption with local/ customer key control (42%)”“This is a potential problem since they don’t really have full control over their data if they don’t control the keys”

11This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part, or disclosed to a third party without prior written consent of Thales - Thales © 2017 All rights reserved.

THALES GROUP INTERNAL

Controlling data in the cloud

57%Very or extremely concerned about custodianship of cloud

encryption keys

42%Would increase cloud use if able to control their own encryption

keys from their data center

58%Are very or extremely concerned about managing encryption keys across multiple cloud providers

Garrett Bekker –Principal Analyst for Information Security, 451 Research & Author of the 2018 Thales Data Threat Report

“As organisations increasingly engage with multiple cloud providers, who maintains control over encryption keys has become a huge potential issue, particularly for those who take advantageof native encryption services”

12This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part, or disclosed to a third party without prior written consent of Thales - Thales © 2017 All rights reserved.

THALES GROUP INTERNAL

Everybody is using Big DataSensitive data use compounds problems

97%Of European enterprises now use big data

41%Are using sensitive datawithin big data environments today

Top concerns for sensitive datawithin big data environments What’s needed to speed Big Data adoption?

Security of reports

Lack of nativesecurity frameworks

Sensitive data may be anywhere

Privacy violations

Discovering where sensitive data may be located within the environment

34%

33%

32%

29%

30%

31%

Sensitive data discovery/

classification

37%

System level encryption and access controls

32%

Compliance certifications

34%

Improved monitoring and reporting tools

40%

Stronger userauthentication

13This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part, or disclosed to a third party without prior written consent of Thales - Thales © 2017 All rights reserved.

THALES GROUP INTERNAL

Mobile payments on the riseEncryption Required

92%Using or planning to use mobile payments

39%Are using sensitive data with mobile applications

Top concerns with mobile payments Encryption a key tool enabling safe use of mobile payments

19%22%

52%

Already in production

In pilot or testing

Evaluating

34%

Fraudsters –new account

fraud

38%

Payment card information

37%

Fraudsters –account takeover

37%

Weak authentication

39%

PII data

Encryption establishes secure identity with digital birth certificates for mobile devices

Encryption protects data-in-transit

Encryption protects data on devices

Encryption and access controls help organisations meet compliance requirements for back end data stores

14This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part, or disclosed to a third party without prior written consent of Thales - Thales © 2017 All rights reserved.

THALES GROUP INTERNAL

IoTEncryption required

92%Using or planning to use IoT this year

33%Are using sensitive data with IoT applications

Top IT Security controls needed for further IoT adoption

Encryption a key tool enabling safe use of IoT

32%33%

35%

Manufacturing

Power/Energy

Environmental

33%

Behaviouralanalytics/

anomaly detection

48%

Encryption of IoT data

39%

Separate IoT networks with

gateways

41%

Secure digital IDs for IoT devices

(Digital birth certificates)

48%

Anti-malware

Encryption establishes secure identity with digital birth certificates for IoT devices

Encryption protects data-in-transit

Encryption protects data on devices

Encryption and access controls help organisations meet compliance requirements for back end data stores

Top IoT Uses

15This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part, or disclosed to a third party without prior written consent of Thales - Thales © 2017 All rights reserved.

THALES GROUP INTERNAL

Encryption – a keystone technologyFor protecting data

Encryption helps to drive adoption of the technologies needed for digital transformation

43%

37%

48%44%

Cloud: The top tool for more cloud use

IoT: Encryption the top tool to increase ability to use IoT

Containers: Encryption drives Container usage

Big Data: Encryption needed to drive adoption

Privacy Requirements: Encryption the top tool needed to meet privacy requirements such as European GDPR

44%Encryption tools 4 of the top 5 data security tools planned this year (but not yet implemented):

44%BYOK

43%Tokenisation

43%Data access monitoring

42%Hardware Security

Modules

41%Enabling cloud-

native encryption capabilities

16This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part, or disclosed to a third party without prior written consent of Thales - Thales © 2017 All rights reserved.

OPEN

2018 Thales Data Threat ReportTrends in Encryption and Data SecurityEuropean Edition