Ian Lopez, Legaltech News
A survey of nearly
600 professionals across industries uncovered attitudes toward protecting
sensitive data.
The digital world can be a dangerous place for businesses, and concerns are elevated for those overseeing sensitive data.
In effort to uncover attitudes and priorities
for modern data risk management, Guidance Software conducted a “2016 Data Risk
and Privacy Survey.” Responses were collected from over 580 professionals in
risk management, legal, regulatory compliance, security, and IT working in
government, technology, manufacturing, healthcare, education, and financial
services.
Nearly half (46 percent) of respondents placed
the protection of “sensitive data and privacy” as one of the top three concerns
for their respective companies, with respondents in government (19 percent), IT
(15 percent) financial services (11 percent) and healthcare (10 percent)
accounting for the top five industries listing data protection as a
top-of-the-list priority. Thirty-eight percent of organizations listed data protection
as a ‘medium priority’ while only 7 percent listed it as ‘low.’
“When we surveyed and 46 percent say that
[protecting sensitive data] is a top three initiative in their organization,
it’s a priority,” Guidance Software product marketing manager Charles Choe, who
came up with the idea for the survey and was instrumental in its assembly, told
Legaltech News. “Very large enterprises, organizations that have hundreds of
thousands of nodes, they tell us that it’s a priority.”
The majority of respondents (37 percent) listed
‘regulatory and policy compliance’ as a key driver for their organization to
invest in a data management solution. This, Choe noted, is perhaps due to “a
lot of data privacy regulations” occurring across the Transatlantic, “especially
in the EU with the General Data Privacy Regulation (GDPR).” For “a lot of
organizations that are international or multinational in scope,” the GDPR has
had “a significant impact” on how companies handle data as they avoid violating
laws.
“When it comes to products and services through
the internet, just globally there’s a lot of e-commerce and a lot of traffic
that’s happening, and you can’t help but be exposed to in some degree customers
in the EU,” he said. Additionally, customers “have a higher level of
expectation and are getting more involved in how organizations are treating
customers’ data.”
“With the level of increasing expectation,
evolving data privacy overseas as well as the multinational proponents of
organizations, I think all those combine to say, ‘Hey we really need to think
about this data privacy from a regulatory perspective and make sure we’re in
compliance, because the cost of compliance is less than the cost of
noncompliance. And I think people are trying to get their ducks in a row now,”
he added.
Customer expectations appear to have had a
significant influence on companies’ approach to data, as 44 percent of
respondents listed ‘customer data’ as the ‘sensitive data’ that they were ‘most
concerned about protecting’. The second on this list was financial records,
which came in at a little over 10 percent, followed by trade secrets (9.7
percent).
When it comes to compromising customer records,
“the cost is high, from a reputational perspective, and that can bleed into a
financial impact as well,” Choe explained.
As to why concern over customer data is so
prominent, he said, “I think the penalties of noncompliance, with the
increasing protection for customers is one reason. Number two is customer
expectation, and all of that packaged together by corporate responsibility and
just making sure you’re not on the front page of the news. Because once the
customer’s confidence is lost, I think that leads to loss of or even
elimination of your business.”
The survey also looked into what locations of data
residence companies felt the most concerned about protecting. For most
respondents (30 percent), servers were of the utmost concern, followed closely
by endpoints – i.e., user desktops and laptops – at 25 percent. Choe said that
he found this somewhat surprising, as many solutions “don’t really focus on the
endpoints and focus more on file shares or servers. But the fact that 55
percent send end points and servers gave us a really good
indicator that they’re really interested in protecting sensitive information at
those entry and exit points.”
Interestingly, there was less interest expressed
in protecting file sharing (10 percent), which he thought would be seen more
toward the top of the list, as through it, many people still have access to
sensitive data. Other locations for concern include email (10 percent), content
management systems (5 percent), and the cloud (12 percent).
However, in Choe’s view, the focuses of concern
“will evolve because technology evolves.”
“A lot of organizations are using the cloud. Not
only for repositories of data, but their entire infrastructure, their
networking and everything, is moving to the cloud. Because of that, I think
we’re going to see a lot more vulnerabilities in the cloud,” Choe added.
No comments:
Post a Comment