DocAuthority's new report states that IT security departments are incorrectly estimating the value of business information they have in their possession. This leads to poor investment into the availability, protection and security of the data that is commercially most valuable.
The report is based on a poll of 2,827 IT professionals in the UK and the US. Asked to estimate how much money different types of data are worth, the poll uncovered that the majority was undervalued, including research and development, as well as financial reports. On the other hand, personally identifiable data (PII), which was less sensitive, was highly prioritised.
DocAuthority says this increases the chances of a data breach, the mishandling of access rights for employees, and the application of incorrect levels of security.
R&D documents were undervalued by 50 per cent. The respondents also underestimated the cost of financial report leaks. On the other hand, monthly salary lists were overpriced.
"Typically, the security and protection of business data is considered to be the responsibility of the IT Security department. Yet it’s clear from this research that IT Security does not have the vitally-important context required to understand the true value of that data, and in turn create an effective strategy for defending it,” says Doctor Larry Ponemon, Chairman and Founder of the Ponemon Institute. “Rather than being relegated to IT, data and its protection should be the concern of not only management level, but the business as a whole.”
Image source: Shutterstock/Carlos Amarillo