The research, which was commissioned by leading data management company DocAuthority, surveyed 2,827 professionals in the United States and United Kingdom across seven functional areas. The results found that when asked to estimate the monetary value of different types of business information, IT Security departments undervalued documents including R&D and financial reports, whilst excessively prioritising less sensitive PII-related data.
This increases the chance of a major data breach, the mishandling of access rights for employees and the application of incorrect levels of security to low value documents:
"Typically, the security and protection of business data is considered to be the responsibility of the IT Security department. Yet it’s clear from this research that IT Security does not have the vitally-important context required to understand the true value of that data, and in turn create an effective strategy for defending it,” says Doctor Larry Ponemon, Chairman and Founder of the Ponemon Institute. “Rather than being relegated to IT, data and its protection should be the concern of not only management level, but the business as a whole.”
Steve Abbott, the CEO of DocAuthority comments: "Only around 5% of data retained by businesses will be crucial to running the current and future organisation. Despite this, most businesses still apply unrepresentative, or ‘one size fits all’ levels of security to their data assets. Businesses need to consider how they can take a more strategic and cost-effective approach by identifying critical data that is worth security investment. Whilst a manual scan of unstructured data held by a typical 5000 seat organisation could take up to 400 years, Artificial Intelligence (AI) tools can help businesses identify and categorise data with an unprecedented level of accuracy, in a rapid timeframe.”
Steve Abbott adds, “It’s important to consider that obscurity around data could have far reaching ramifications. Despite company data being a hugely valuable business asset, organisations rarely have a clear view of what they own and what it’s worth. As a result, within the context of a sale for example, data assets are likely to be overlooked as part of a business’s valuation. We are confident that this will change as the business world starts to understand how data can impact a business's bottom line.”