May 13, 2015 By Pamela Jones 2 min read

Hardly a week goes by without headlines about a breach of customer data. Less frequent, but just as alarming, are the publicly reported examples and allegations of intellectual property theft. Data security and privacy — and, by extension, brand reputation — are front and center today and will quickly become a business differentiator for tomorrow. The question remains: How will organizations respond?

IBM commissioned Forrester Research to evaluate data security decision-making by security buyers and influencers. Much of the research focused on what it means to engage in proactive data security and privacy efforts to address threats both today and in the future. This study began in May 2014 and was completed in June 2014. Forrester developed a hypothesis testing the assertion that enterprises today have many more stakeholders involved in data control, data governance, security and privacy. However, despite this involvement, organizations approach data security in a very reactive fashion and often do not have a clear understanding of the value of their data.

As part of the study, Forrester conducted surveys with 200 security decision-makers in the U.S., U.K. and Germany and had five in-depth follow-up phone interviews for additional context. The final report found that while these companies’ data security efforts are primarily driven by compliance and are tactical in nature, security teams have the attention of executives who are increasingly aware of and concerned about data security. These decision-makers also place a high priority on helping securely enable big data and data quality initiatives, both of which have implications for revenue growth and customer experience.

https://www.youtube.com/watch?v=r1FLU6HvzF0

Key Findings

Forrester’s study yielded five key findings:

1. Data security efforts are policy- and compliance-driven.

Compliance is necessary, and policies are an important part of data security. However, organizations that drive data security efforts based on policy and compliance put the business at risk by neglecting to take a more holistic and proactive approach to their data security strategy. Remember: Compliance does not equal security.

2. Firms do not understand what sensitive data is.

What is sensitive data to the organization? And does the entire organization share a common understanding of what constitutes sensitive data? In order to protect our data, we must first know and understand it.

3. Proactive data security goes beyond technology implementation.

Technology is only one part of the equation; people and processes matter. Data privacy and security are conjoined concepts that require coordination between businesses’ employees, customers and operations to successfully address these concerns.

4. Many firms struggle with data security and are not mature in measuring the success of data security initiatives.

The transition from network- and device-centric security to data-centric security is new to most enterprises. There is a significant cultural shift that must take place for organizations to mature their data security practices.

5. For better or worse, breaches are an organizational catalyst.

As a direct result of a data breach, 45 percent of firms implemented new security controls and policies, and 42 percent said that security and privacy have become bigger topics of discussion. However, 35 percent also indicated that the breach caused a lot of disruption in the organization, with 18 percent of companies laying off employees as a direct result.

Read the complete Forrester Consulting report on Data Security and privacy

More from Data Protection

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

Third-party access: The overlooked risk to your data protection plan

3 min read - A recent IBM Cost of a Data Breach report reveals a startling statistic: Only 42% of companies discover breaches through their own security teams. This highlights a significant blind spot, especially when it comes to external partners and vendors. The financial stakes are steep. On average, a data breach affecting multiple environments costs a whopping $4.88 million. A major breach at a telecommunications provider in January 2023 served as a stark reminder of the risks associated with third-party relationships. In…

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today