Report: Organizations recognize security risks, slow to take action
A recent study has found a significant gap between perceived risk and the actual safeguarding of sensitive data.
Businesses continue to struggle to prioritize safeguarding confidential data despite with 72 percent having suffered a data breach over the last year, according to a recent report.
Even though significant breaches at Target and other companies have shown just how devastating a breach can be, companies have been slow to adopt appropriate safety measures — only 51 percent of 1,587 IT executives surveyed by the Ponemon Institute for “The State of Data Centric Security,” gave high priority status to securing confidential data.
The gap between perceived risk and extant practice is surprising, Larry Ponemon, chairman and founder of the Ponemon Institute, said in a Wednesday email correspondence with SCMagazine.com, especially considering more than half, 58 percent, said the breaches their companies suffered could have been avoided.
While 79 percent understand that their companies are at serious risk when they do not where sensitive and confidential data is located — 59 percent of the retailers surveyed said that “keeps me up at night”
— many face challenges that prevent them from implementing security measures.
“Most respondents recognize the very significant business risk facing their organizations as a result of insecure data assets,” Ponemon said. “Despite this recognition, many respondents acknowledge they do not have the people, process and technology to curtail this serious risk.”
In fact, respondents indicated that they are feeling the sting of limited resources and skillsets. The report, sponsored by Informatica, found that 57 percent would like to have more skilled security professionals on staff.
The skyrocketing volume of data alone continues to pose problems.
“The increase in data from all sources increases the risk of data breach and other privacy-related snafus for organizations,” said Ponemon. “Mobile devices, mobile workforce and employees' use of insecure cloud apps further exacerbate this risk.”
Ponemon advocates a data-centric approach to security, which, he said, establishes “a holistic framework that helps organizations cope with massive increases in both structured and unstructured data.”