Report: Organizations recognize security risks, slow to take action

Share this article:
Report: Organizations recognize security risks, slow to take action
A recent study has found a significant gap between perceived risk and the actual safeguarding of sensitive data.

Businesses continue to struggle to prioritize safeguarding confidential data despite with 72 percent having suffered a data breach over the last year, according to a recent report.

Even though significant breaches at Target and other companies have shown just how devastating a breach can be, companies have been slow to adopt appropriate safety measures — only 51 percent of 1,587 IT executives surveyed by the Ponemon Institute for “The State of Data Centric Security,” gave high priority status to securing confidential data.

The gap between perceived risk and extant practice is surprising, Larry Ponemon, chairman and founder of the Ponemon Institute, said in a Wednesday email correspondence with SCMagazine.com, especially considering more than half, 58 percent, said the breaches their companies suffered could have been avoided.

While 79 percent understand that their companies are at serious risk when they do not where sensitive and confidential data is located — 59 percent of the retailers surveyed said that “keeps me up at night”
— many face challenges that prevent them from implementing security measures.

“Most respondents recognize the very significant business risk facing their organizations as a result of insecure data assets,” Ponemon said. “Despite this recognition, many respondents acknowledge they do not have the people, process and technology to curtail this serious risk.”

In fact, respondents indicated that they are feeling the sting of limited resources and skillsets. The report, sponsored by Informatica, found that 57 percent would like to have more skilled security professionals on staff. 

The skyrocketing volume of data alone continues to pose problems.

“The increase in data from all sources increases the risk of data breach and other privacy-related snafus for organizations,” said Ponemon. “Mobile devices, mobile workforce and employees' use of insecure cloud apps further exacerbate this risk.”

Ponemon advocates a data-centric approach to security, which, he said, establishes “a holistic framework that helps organizations cope with massive increases in both structured and unstructured data.”

Page 1 of 2
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Reported breaches involving zero-day bug at JPMorgan Chase, other banks

Reported breaches involving zero-day bug at JPMorgan Chase, ...

Hackers exploited a zero-day vulnerability and gained access to sensitive information from JPMorgan Chase and at least four other financial institutions, reports indicate.

Data on 97K Bugzilla users posted online for about three months

During a migration of the testing server for test builds of Bugzilla software, data on about 97,000 Bugzilla users was inadvertently posted publicly online.

Chinese national had access to data on 5M Arizona drivers, possible breach ...

Although Lizhong Fan left the U.S. in 2007, the agencies responsible for giving him access to Americans' personal information have yet to disclose the details of the case to the public.