Gemalto has released the findings of its fifth-annual Data Security Confidence Index, which indicates that two in three companies (65%) are unable to analyze all the data they collect and only half of the companies know where all of their sensitive data is stored. The study further reveals that more than two thirds of organizations (68%) admit they don’t carry out all the procedures in line with data protection laws such as GDPR.
Around 1,050 IT decision makers and 10,500 consumers worldwide were surveyed as part of the study. The study found that business’ ability to analyze the data they collect varies worldwide with India (55%) and Australia (47%) best at using the data they collect.
“If businesses can’t analyze all of the data they collect, they can’t understand the value of it – and that means they won’t know how to apply the appropriate security controls to that data,” says Jason Hart, vice president and CTO for Data Protection at Gemalto.
“Whether it’s selling it on the dark web, manipulating it for financial gain or to damage reputations, data that is unsecured is a goldmine for hackers. You only need to look at the recent hacks on the World Anti-Doping Agency and International Luge Federation to see the damage that can be done. What’s more, data manipulation can take years to discover, and with data informing everything from business strategy to sales and product development, its value and integrity cannot be underestimated.”
The study reveals that the overall confidence in securing the breach is low.When it comes to how data is being secured, the study found that almost half (48%) of IT professionals say perimeter security is effective at keeping unauthorized users out of their networks. This is despite the majority of IT professionals (68%) believing unauthorized users can access their corporate networks, with Australian companies being the most likely (84%) and the UK the least (46%). However, once the hackers are inside, less than half of companies (43%) are extremely confident that their data would be secure. UK businesses are the most concerned with just 24% prepared to say they’re extremely confident, with Australia the highest (65%).
Even though there is still faith in how they’re securing their networks, one third (27%) of companies reported that their perimeter security had been breached in the past 12 months. Of those that had suffered a breach at some point, only 10% of that compromised data was protected by encryption, leaving the rest exposed.
According to the study, a growing awareness of data breaches and communications around GDPR have led to the majority (90%) of consumers believing that it is important for organizations to comply with data regulations. In fact, over half (54%) are now aware what encryption is, showing an understanding of how their data should be protected.
“It’s time organizations got their houses in order; starting with who oversees their data security. A central figure such as a Data Protection Officer – essential in some circumstances under GDPR – must be appointed to the board to lead data security from the top down. Next is having more insight and analysis on the data collected to ensure that it is both correctly protected and enabling more informed business decision making. Organizations must realize that it’s no longer a case of if, but when a breach occurs, and protect their most valuable asset – data – through encryption, two-factor authentication and key management, rather than solely focusing on perimeter protection,” Hart further added.