The confidence that customers have in the ability of their employer to look after data and stay on the right side of the law is shockingly low, given that more legislation is coming to increase the responsibility of firms to secure information.
With changes in the EU data protection regulations on the horizon, which would include measures that force firms to disclose data breaches and face punitive fines, Sophos research has found that many people still believe security is too lax.
According to findings from research carried out for Sophos across the UK, Germany and France, only 23% of respondents were confident that their employers were complying with current data protection requirements.
A similar number revealed that their organisations encrypted data, leaving more than two thirds potentially allowing information to leave the network without any protection.
James Lyne, global head of research at Sophos, said that the prospect of much tighter EU data protection laws would shake things up because firms would face fines and loss of reputation if they failed to prevent breaches.
"The risk of such an extreme financial cost as a result of failure means the chief security officer will be more aware," he said, adding that the potential ramifications on reputation from issuing notifications of a breach to customers would also be something many firms wanted to avoid.
The pressure on customers is increasing as a result of BYOD and the demand from both customers and staff to communicate over multiple channels, and as a result the need to restore confidence in data handling has become a major issue across the EU.
Sophos found that there was a fairly strong appetite across the major European territories for tougher data protection laws, with 61% agreeing that tighter regulations were needed. That figure was slightly higher in Germany and lower in the UK, where 60% of staff revealed that their company had a data protection policy and had clearly communicated it to staff.
The prospect, potentially from late next year, of fresh EU data protection legislation is already something that should be providing security resellers with a chance to talk to customers about their current strategy and plans for the future.