business assets by more than 50 percent
ATLANTA (BUSINESS WIRE) #AI IT Security departments are incorrectly estimating the value of business
information, leading to insufficient investment into the availability,
protection and security of the most commercially valuable types of
documents a business holds, according to new research from thePonemon
Institute
.
The research, which was commissioned by leading data management company DocAuthority ,
surveyed 2,827 professionals in the United States and United Kingdom
across seven functional areas. The results found that when asked to
estimate the monetary value of different types of business information,
IT Security departments undervalued documents including research and
development (R&D) and financial reports, while excessively prioritizing
less sensitive Personally Identifiable Information (PII) data.
This increases the chance of a major data breach, the mishandling of
access rights for employees, and the application of incorrect levels of
security to low-value documents:
IT Security departments estimated the value of R&D documents at lessthan 50 percent of what the business would estimate their worth,
predicting that it would cost $306,545 to reconstruct an R&D document
compared to $704,619 as estimated by the R&D department itself IT Security departments also underestimated financial impact of a
financial report being leaked, at $131,570 versus the $303,182 that
the Finance department believes it would incur from this incident In contrast, IT Security departments overvalued monthly salary lists
at $94,148, compared $57,477, the value attributed to the same asset
by Human Resources
“Typically, the security and protection of business data is considered
to be the responsibility of the IT Security department. Yet it’s clear
from this research that IT Security does not have the vitally-important
context required to understand the true value of that data, and in turn
create an effective strategy for defending it,” says Doctor Larry
Ponemon, Chairman and Founder of the Ponemon Institute. “Rather than
being relegated to IT, data and its protection should be the concern of
not only management level, but the business as a whole.”
Steve Abbott, the CEO of DocAuthority, comments: “Only around five
percent of data retained by businesses will be crucial to running the
current and future organization. Despite this, most businesses still
apply unrepresentative, or ‘one size fits all’ levels of security to
their data assets. Businesses need to consider how they can take a more
strategic and cost-effective approach by identifying critical data that
is worth security investment. While a manual scan of unstructured data
held by a typical 5,000 seat organization could take up to 400 years,
Artificial Intelligence (AI) tools can help businesses identify and
categorize data with an unprecedented level of accuracy, in a rapid
timeframe.”
Steve Abbott adds, “It’s important to consider that obscurity around
data could have far reaching ramifications. Despite company data being a
hugely valuable business asset, organizations rarely have a clear view
of what they own and what it’s worth. As a result, within the context of
a sale for example, data assets are likely to be overlooked as part of a
business’s valuation. We are confident that this will change as the
business world starts to understand how data can impact a business’s
bottom line.”
Notes to editors
Ponemon has developed a framework of six criteria to more accurately
assess the value of corporate data. By assigning a rank of the
importance of each element on a scale of 1 = not important to 10 =
essential, they have a better chance of aligning their security strategy
with their most valuable assets:
Intrinsic value Pertains to how correct, complete andexclusive is this data Business value Relates to how good and relevant is this data
for specific purposes Performance value Pertains to how does this data affect key
business drivers Cost value Refers to what would it cost the organization if
the data was lost or leaked outside Market value Links to what your organization can earn from
selling or trading this information Economic value Pertains to how the information contributes to
the organization’s bottom line
The full report can be accessed here: http://bit.ly/2QlbO24
About DocAuthority
DocAuthority is a leading document control solutions company. It offers
organizations a broad, yet business-friendly, security policy utilizing
AI to help automatically discover and accurately identify unstructured
and unprotected sensitive documents to help prevent them from falling
into the wrong hands. DocAuthority works with enterprise-size
organizations in all sectors including the healthcare, retail,
technology, energy, public sector, telcos, services and financial
services sectors to help these businesses understand the risk they face
and design an effective mitigation plan to improve the security of
sensitive data. Founded by Ariel Peled and Itay Reved in 2013,
DocAuthority is a global company headquartered in Raanana, Israel and is
managed by the people who pioneered DLP. To learn more about
DocAuthority, visit www.DocAuthority.com .
Contacts
General enquiries:
Mike Quinn,
DocAuthority
E: mike.quinn@docauthority.com
U.S. media enquiries:
April Burghardt
Waters
Communications
E: april@waterscomms.com
Do you think you can beat this Sweet post? If so, you may have what it takes to become a Sweetcode contributor...Learn More.