1This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part, or disclosed to a third party without prior written consent of Thales - Thales © 2017 All rights reserved.

2018 Thales Data Threat ReportTrends in Encryption and Data Security

Retail Edition

2This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part, or disclosed to a third party without prior written consent of Thales - Thales © 2017 All rights reserved.

2018 Thales Data Threat Report – Respondent Demographics

▌ 100 U.S. Retail Enterprises100% US $250M+62% - US $1B+23% - US $2B+

U.S.

Sweden

U.K.Netherlands

GermanyJapan

Korea

India

1,200+ SENIOR IT SECURITY EXECUTIVES SURVEYED GLOBALLY100 EACH INDIA, KOREA, JP, UK, DE, NE, SWE

500 U.S. TOTAL – 100 EACH RETAIL, HEALTHCARE, FINANCIAL SERVICES, FEDERAL GOVERNMENT

3This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part, or disclosed to a third party without prior written consent of Thales - Thales © 2017 All rights reserved.

Data Under Siege in U.S. Retail

75% 50% 26%

Breached ever3 out of 4

have encountered a data breach

Breached in the last year

Half breached in the last year

Breached multiple times

Have been breached in the last year and previously

Comparative breach rates – U.S. verticals

U.S. Federal Government

57%70%

U.S. Healthcare

48%

77%

U.S. Financial Services

36%

65%

U.S. Retail

50%

75%

Breached ever Breached in the last year

Rates of data breaches for U.S. Retail

Breaches rise even as digital transformation expands threat landscapes

4This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part, or disclosed to a third party without prior written consent of Thales - Thales © 2017 All rights reserved.

Digital Transformation is Increasing Risks

The problem: massive adoption combined with sensitive data in India

Adoption rates for digitally transformative technologies

Use Big Data Implement IoT Working on or using mobile payments

Blockchain project implemented or in process

Use cloud

100% 95% 99% 98% 92%

Rates of sensitive data use with digital transformation technologies

85% Cloud

56% Big Data

47% IoT

39%Containers

34%Mobile Payments

31%Blockchain

5This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part, or disclosed to a third party without prior written consent of Thales - Thales © 2017 All rights reserved.

Garrett Bekker –Principal Analyst for Information Security, 451 Research

Doing what we have been doing for decades is no longer working. The more relevant question on the minds of IT and business leaders is directly spoken: “What will it take to stop the breaches?”

6This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part, or disclosed to a third party without prior written consent of Thales - Thales © 2017 All rights reserved.

Data Security Threats have Changed and EvolvedSecurity Strategies have Not

IT Security pros know data at rest security highly effective at protecting sensitive information – but aren’t prioritizing increased spending

Data of rest defenses

Data in motion defenses

Analysis & correlation tools

Network defenses

Endpoint & mobile device defenses

57%

89%

62%

90%

69%

91%

64%

89%

72%

77%

Rated very or extremely effective

Spending Increase

7This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part, or disclosed to a third party without prior written consent of Thales - Thales © 2017 All rights reserved.

How Are Enterprises Responding? Massive Spending Increases

IT Security Spending Plans For 2018 in U.S. Retail

28%

7%

Much higherSomewhat higher

The same

Lower 9%

Garrett Bekker, 451 Research Principal Analyst, Information Security and author of the 2018 Thales Data Threat Report

"Quite possibly in response to an uptick in breaches, 84% of U.S. retail respondentssay their organizations will increase IT security spending this year, up sharply from last year (77%)."

56%

8This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part, or disclosed to a third party without prior written consent of Thales - Thales © 2017 All rights reserved.

How Are Enterprises Responding? Making Changes

Changing To Address Global and Local Data Privacy Requirements

49%

12%

Encrypting personal data

Tokenizing personal data

Migrating data

Using local cloud providers13%

12%

Implementing Data Security Tools To Protect Sensitive InformationImplementing these tools now

75%Data Access Monitoring

67%Database and file encryption

63%Data Loss Prevention tools (DLP)

74%Data masking DLP

9This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part, or disclosed to a third party without prior written consent of Thales - Thales © 2017 All rights reserved.

Cloud Usage is the Top Problem

CloudThe top IT security spending priority

this year

Using sensitive dataIn cloud

environments

Using cloudEvery enterprise

using at least one of SaaS, IaaS or PaaS

100% 49% 85%

Multi-cloud usage is high, bringing even more risk 57%

58%

66%

Use 3 or more PaaSenvironments

Use more than 25 SaaS applications

Use 3 or more IaaS vendors

Garrett Bekker –Principal Analyst for Information Security, 451 Research

“As organizations increasingly engage with multiple cloud providers, who maintains control over encryption keys has become a huge potential issue, particularly for those who take advantage of native encryption services.”

10This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part, or disclosed to a third party without prior written consent of Thales - Thales © 2017 All rights reserved.

Cloud Computing Concerns and Required Security Tools

Top Concerns with Cloud Computing

80%79% 78% 78%

Security breaches/attacks at the

service provider

Lack of control over data location/data residency concerns

Shared infrastructure vulnerabilities

Security of data if cloud provider

acquired

Top IT Security Tools Needed to Expand Cloud Computing Use

50% 49% 49% 48%38%

Encryption with CSP key

management

Encryption with enterprise key

management

Detailed physical and IT security

information

Compliance commitments

SLA terms in the event of a data

breach

Garrett Bekker –Principal Analyst for Information Security, 451 Research

“Overall, U.S. retail is much more concerned about the IT security threats posed by theuse of public cloud, likely because U.S. retail organizations are more likely to both usecloud and store sensitive data within cloud resources”

11This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part, or disclosed to a third party without prior written consent of Thales - Thales © 2017 All rights reserved.

Controlling Data in the Cloud

67%Very or extremely concerned about custodianship of cloud

encryption keys

49%Would increase cloud use if able to control their own encryption

keys from their data center

72%Are very or extremely concerned about managing encryption keys across multiple cloud providers

Garrett Bekker –Principal Analyst for Information Security, 451 Research & Author of the 2018 Thales Data Threat Report

“As organizations increasingly engage with multiple cloud providers, who maintains control over encryption keys has become a huge potential issue, particularly for those who take advantageof native encryption services”

12This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part, or disclosed to a third party without prior written consent of Thales - Thales © 2017 All rights reserved.

Everybody is Using Big DataSensitive Data Use Compounds Problems

95%Of enterprises in India now use big data

56%Are using sensitive datawithin big data environments today

Top concerns for sensitive datawithin big data environments What’s needed to speed Big Data adoption?

Sensitive data may be anywhere

Security of reports

Lack of security frameworks

Privacy violations

Lack of effective access controls

43%

38%

32%

32%

30%

36%

Compliance certifications

44%

Improved monitoring and

reporting

39%

Stronger authentication

40%

Encryption and access controls

46%

Analyze and use encrypted

data within the data lake

13This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part, or disclosed to a third party without prior written consent of Thales - Thales © 2017 All rights reserved.

Mobile Payments on the RiseEncryption Required

98%Using or planning to use mobile payments

36%Are using sensitive data with mobile applications

Top concerns with mobile payments Encryption a key tool enabling safe use of mobile payments

18%48%

32%

Already in production

In pilot or testing

Evaluating

45%

Fraudsters –new account

fraud

49%

Payment card information

50%

Fraudsters –account takeover

43%

Weak authentication

45%

PII data

Encryption establishes secure identity with digital birth certificates for mobile devices

Encryption protects data-in-transit

Encryption protects data on devices

Encryption and access controls help organizations meet compliance requirements for back end data stores

14This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part, or disclosed to a third party without prior written consent of Thales - Thales © 2017 All rights reserved.

IoTEncryption Required

99%Using or planning to use IoT this year

47%Are using sensitive data with IoT applications

Top IT Security controls needed for further IoT adoption

Encryption a key tool enabling safe use of IoT

38%39%

42%

Environmental Monitoring

Power/Energy

Manufacturing

47%

Behavioral analytics/

anomaly detection

56%

Encryption of IoT data

49%

Separate IoT networks with

gateways

54%

Secure digital IDs for IoT devices

(Digital birth certificates)

65%

Anti-malware

Encryption establishes secure identity with digital birth certificates for IoT devices

Encryption protects data-in-transit

Encryption protects data on devices

Encryption and access controls help organizations meet compliance requirements for back end data stores

Top IoT Uses

15This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part, or disclosed to a third party without prior written consent of Thales - Thales © 2017 All rights reserved.

Encryption – A Keystone TechnologyFor Protecting Data

Encryption helps to drive adoption of the technologies needed for digital transformation

49%

44%

65%46%

Cloud: Encryption the top control needed for more cloud

IoT: Encryption the top tool to increase ability to use IoT

Containers: Encryption drives Container usage

Big Data: Encryption needed to drive adoption

Privacy Requirements: Encryption the top tool needed to meet privacy requirements such as European GDPR

49%Encryption technologies 3 of the top 5 data security tools for this year(currently implementing):

43%CASB/Cloud Encryption Gateway

42%Security Information

and Event Management

40%ApplicationEncryption

38%Multifactor

Authentication

35%Tokenization

SIEM

16This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part, or disclosed to a third party without prior written consent of Thales - Thales © 2017 All rights reserved.

2018 Thales Data Threat ReportTrends in Encryption and Data Security

Retail Edition