A survey carried out by the Ponemon Institute for data management company DocAuthority found that when asked to estimate the value of different types of business information held, IT security departments undervalued R&D and financial report documents, while excessively prioritising less sensitive PII-related data.
This increases the chance of a major data breach, the mishandling of access rights for employees and the application of incorrect levels of security to low-value documents, the report claims.
For instance, IT security departments estimated the value of R&D documents at less than 50% of what the business would estimate them to be worth, predicting that it would cost nearly $307,000 (£240,000) to reconstruct an R&D document, compared to $705,000 (£551,000) as estimated by the R&D department itself.
They also underestimated the financial impact of a financial report being leaked, at about $132,000 (£103,000) against the $303,000 (£234,000) that the finance department believes it would incur from this incident.
In contrast, IT security departments overvalued monthly salary lists at just over $94,000, compared to $57,000 (£44,000), the value attributed to the same asset by HR.
"It is clear from this research that IT security does not have the context required to understand the true value of data, and in turn create an effective strategy for defending it," said Larry Ponemon, chairman and founder of the Ponemon Institute. "Rather than being relegated to IT, data and its protection should be the concern of not only management level, but the business as a whole."
DocAuthority chief executive Steve Abbott added: "Only around 5% of data retained by businesses will be crucial to running the current and future organisation. Despite this, most businesses still apply unrepresentative, or 'one size fits all' levels of security to their data assets. Businesses need to consider how they can take a more strategic and cost-effective approach by identifying critical data that is worth security investment.
"It's important to consider that obscurity around data could have far reaching ramifications. Despite company data being a hugely valuable business asset, organisations rarely have a clear view of what they own and what it's worth. As a result, within the context of a sale for example, data assets are likely to be overlooked as part of a business's valuation. We are confident that this will change as the business world starts to understand how data can impact a business's bottom line."