LONDON – February 16, 2015 – A new survey from Palo Alto Networks has revealed much work is still to be done in the area of collaboration and sharing responsibility when it comes to preventing cyber breaches – both pivotal actions for organisations across Europe to avoid significant fines and reputational damage.

The key insight from the Europe-based survey was that a significant amount of accountability is placed solely on the shoulders of IT, with nearly half (46%) of managers believing that ultimate responsibility for protecting an organisation from cybersecurity risk lies with IT. A significant portion (57%) of the IT department itself agrees that they, themselves, hold sole domain over a company’s security

The findings come against the backdrop of the European Union reaching an agreement on the General Data Protection Regulation (GDPR), which will require companies to comply with state-of-the-art cybersecurity requirements. These will help businesses reduce the risk of breaches and avoid fines of €10M–20M (or 2%–4% of total worldwide annual turnover). The regulation also assigns responsibility to anyone who has access to data in the event of a breach – from customer service to IT and executives.

Many leaders still grapple with understanding cybersecurity

The results suggest that disagreement on where the duty lies could stem from some lack of cybersecurity understanding at the leadership level. When asked directly, more than 1 in every 10 (13%) C-level respondents said they “kind of” understand what defines an online security risk to a business and “still have to use Google to help explain it.”

While the majority of respondents demonstrated a growing understanding of the cyber risks that businesses face, when looking up at their leadership, 1 in 10 employees still doesn’t believe the company’s executives or board have a relevant or accurate understanding of current cybersecurity issues in order to effectively prevent cyberattacks from compromising their organization’s computing environment.

Definition of “success” required to establish roles

Regulation and frameworks will standardise measures of success in relation to cybersecurity effectiveness; however, internal agreement is required in the meantime to allow for roles and responsibilities to be defined and for businesses to reach consensus on a unified approach.

The survey results highlight that the way in which organisations measure security does not provide a holistic view of all elements of risk. Currently, 1 in 4 (25%) companies measures cybersecurity effectiveness by how many incidents have been blocked by a cybersecurity policy; 1 in 5 (21%) refers to how long it took an issue to be resolved. Thirteen percent observe how long it has been since the last incident. Pre-emptive and real-time measures, such as an organisation’s ability to monitor all the traffic in its network, need to be taken into an account to provide an accurate view of risk.


  • “The new EU regulations will require businesses to step up their cybersecurity practices, and this can be an opportunity or a risk, depending on how these businesses choose to approach it. Ultimately, it is critical that managers recognise that, when it comes to cybersecurity, the onus is on everyone – it’s no longer a dark art but an everyday business practice that must pervade every level of the organisation.”

- Greg Day, vice president and regional chief security officer, Europe, Middle East and Africa, Palo Alto Networks

Recommendations for European organisations

Palo Alto Networks recommends organisations take the following steps to strengthen their computing environments against cyberattacks:

  1. Build a cybersecurity strategy focused on preventing cyberattacks at every step of the attack lifecycle, taking employee awareness and accountability into account.
  2. Use automated, state-of-the-art security technology that not only complies with regulations but also enables employees to work efficiently with the tools they need.
  3. Educate everyone in the business on the role they play in preventing successful cyberattacks on the organisation.

Research methodology

The survey was conducted online among 765 business decision-makers in companies with 1,000+ employees in the U.K., Germany, France, the Netherlands and Belgium by Redshift Research in October 2015.


Palo Alto Networks is the next-generation security company, leading a new era in cybersecurity by safely enabling applications and preventing cyber breaches for tens of thousands of organizations worldwide. Built with an innovative approach and highly differentiated cyberthreat prevention capabilities, our game-changing security platform delivers security far superior to legacy or point products, safely enables daily business operations, and protects an organization’s most valuable assets. Find out more at

Palo Alto Networks and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

Media contacts

Katherine James
Senior Manager, EMEA Public Relations and Analyst Relations
Palo Alto Networks
+44 (0)7887 522919