Businesses know the data they hold on their networks is valuable; they just don't know how valuable. Some have taken no action at all to determine the value of their data. The findings were released by security consultancy firm IRM.
In its Risky Business Report, the company says 28 per cent of CISOs categorise their data to determine its value. More than half (55 per cent) have done some work, while 17 per cent have done no work whatsoever. Such categorisation is important for evaluating any risk associated with data loss.
Not knowing the value makes creating any risk strategy that much harder, says Charles White, Founder and CEO of IRM.
“The fact that more than a third of CISOs have no clear view of what assets they have in their networks is very worrying – how can you plan your cyber security investment accurately if you don’t know what you are protecting and how much it is worth? It is essential to know the value of the data stored and what its loss would cost the company across criteria such as cost of replacement, lost productivity, lost business, and damage to reputation,” he says.
“Businesses that are unable to identify and locate data assets will also be unable to react quickly and decisively when a breach does occur, leaving them unable to identify the damage or notify those affected. They are also likely to fall foul of regulations like the EU General Data Protection Regulation. The UK may be leaving the EU, but any firms trading into the EU could still be fined for up to four per cent of their global turnover in the event of a breach.”
But there is also good news: the attitude of senior executives has changed, and discussing cyber issues is now rarely a problem. The human factor has also been identified as the primary concern.