Ninety-four percent of IT employees feel that their perimeter security is enough to keep out the bad guys, and yet in the same survey, 68% report that unauthorized users can gain access to their network.

Sounds like a communication issue. Or is it?

In a recent study by Gemalto, findings show that employees are overly confident that they can protect their networks from hackers, but unsure about keeping their data safe.

Why does this disconnect exist when almost 1.4 billion records were lost or stolen in 2016 alone?

Shouldn't everyone be running in terror, stacking chairs against the doors of their data center to keep malicious attackers at bay? That would be some innovative perimeter security, wouldn't it?

Maybe the focus is resting too heavily on perimeter security in general. If 94% feel their perimeter security will keep out hackers, but 68% think hackers can still get access to their network, then their perimeter security is going to be pretty useless once the hackers are already inside.

This is especially true as more sophisticated campaigns persist, such as spear-phishing techniques that bypass perimeter security by design.

Once the attacker has breached the network and bypassed firewalls, 65% of IT employees are not "extremely confident" that company data would be safe, but 59% of organizations in the same survey think that all of their private data is secure.

This suggests a miscommunication between IT practitioners and management about what is really going on inside the network. Furthermore, 55% reported not even knowing where all of their data is stored!

Perhaps most shocking is the finding that 14% of IT decision makers would not trust their own company to protect their own personal data. If the key players making the decisions on how data is protected and stored can't trust their own procedures, why should consumers?

Maybe the daily onslaught of breaches spattered across the news has something to do with security confidence.

"As a result of high-profile data breaches in the news, around eight in ten (79%) respondents’ organizations have adjusted their security strategy. A third (33%) have changed their strategy a lot as a result. If organizations were confident in their ability to secure their data and their strategies to do this, they would be less likely to react to outside breaches and could concentrate instead on making better use of their data," the survey reports.

Following a breach, a large part of the conversation is shaped around the encryption of sensitive data, or lack thereof.

Eighty-nine percent of those surveyed thought that encryption is "critically or very important," yet generally only 8% of data that has been breached was encrypted.

What does this mean for companies trying to protect their data?

Perimeter security alone is not enough to properly protect sensitive data, and confidence should not rest there solely.

"It is clear that there is a divide between organizations' perceptions of the effectiveness of perimeter security and the reality," said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. "By believing that their data is already secure, businesses are failing to prioritize the measures necessary to protect their data. Businesses need to be aware that hackers are after a company's most valuable asset—data. It's important to focus on protecting this resource, otherwise reality will inevitably bite those that fail to do so."