A recent study carried out by dataIQ has indicated that data and its security is now a "board room issue”, with more than 60% of data professionals questioned confirming that data security is addressed at this level.
The results indicate that data security and compliance are now being taken more seriously by many organisations. However, 25% of those surveyed said that the issue is only "taken seriously in limited parts”, indicating that there is some way to go before robust data security is thought to be "essential”.
Just 20% believed that security surrounding data is increasing, as opposed to a more encouraging 60% stating that risk is decreasing.
"When asked how aware they believed their organisations to be of the current financial penalty regime a majority (52%) believed that the right people are completely aware – again reflecting a relatively strong awareness of data security,” the report said.
"When questioned about the clarity of individual data security responsibilities our data professionals were very positive,” it continued.
The results are encouraging and show that most organisations have a firm grip on regulatory requirements when it comes to data, especially financial. However, whilst 76% of respondents said that they understand the security requirements, the remaining 26% obviously have some work to do.
The report also found that for the most part, businesses are becoming more organised when it comes to risk assessments, with around 70% carrying out their own audits to ensure they meet with compliance requirements. Further to that, it was found that 40% of businesses undertake their own security audits.
However, some 10% of organisations were found to never carry out checks relating to data security, indicating that these are willing to take the risk when it comes to penalties. It’s thought that this is usually down to time and cash flow constraints.
Most organisations have some control over who accesses restricted data though and whilst there is obviously still work to do when it comes to data security, the overall picture is encouraging. There remain issues around malware attacks though, with 12% of those surveyed reporting some kind of attack within the organisation. For the most part, many didn’t see this as an issue, with 80% reporting that it didn’t present "any significant threat”.
Data loss through misplaced portable devices are becoming an increasing concern though as many users fail to encrypt data on laptops or USB sticks. This leaves organisations open to large fines should the device contain sensitive data and it’s thought that businesses need to invest more in training staff on the dangers of unencrypted data falling into the wrong hands.
Further to this: "Data theft by staff and use without permission by third parties are becoming significant threats”, which can not only lead to hefty fines, but brand damage and commercial disadvantage.
DataIQ will be hosting an event to help organisations overcome issues surrounding data security, staff and the importance of preventing data becoming a liability, rather than an asset. The event, which will take place on 5 March 2014 in London, is intended to help businesses of all sizes understand risk, assess current security and prevent data leakage.
In light of the recent news from Barclays Bank that an investigation is being held following the loss of 17,000 customer records, organisations need to be aware of all possible scenarios when it comes to preventing such loss.
The Information Commissioner’s Office (ICO) is working with Barclays and the police to determine the cause of the data loss, which relates to customer’s earnings. Should it be found that Barclays are at fault, they could be fined up to £500,000 for the breach.