May 13, 2015 By Pamela Jones 2 min read

Hardly a week goes by without headlines about a breach of customer data. Less frequent, but just as alarming, are the publicly reported examples and allegations of intellectual property theft. Data security and privacy — and, by extension, brand reputation — are front and center today and will quickly become a business differentiator for tomorrow. The question remains: How will organizations respond?

IBM commissioned Forrester Research to evaluate data security decision-making by security buyers and influencers. Much of the research focused on what it means to engage in proactive data security and privacy efforts to address threats both today and in the future. This study began in May 2014 and was completed in June 2014. Forrester developed a hypothesis testing the assertion that enterprises today have many more stakeholders involved in data control, data governance, security and privacy. However, despite this involvement, organizations approach data security in a very reactive fashion and often do not have a clear understanding of the value of their data.

As part of the study, Forrester conducted surveys with 200 security decision-makers in the U.S., U.K. and Germany and had five in-depth follow-up phone interviews for additional context. The final report found that while these companies’ data security efforts are primarily driven by compliance and are tactical in nature, security teams have the attention of executives who are increasingly aware of and concerned about data security. These decision-makers also place a high priority on helping securely enable big data and data quality initiatives, both of which have implications for revenue growth and customer experience.

https://www.youtube.com/watch?v=r1FLU6HvzF0

Key Findings

Forrester’s study yielded five key findings:

1. Data security efforts are policy- and compliance-driven.

Compliance is necessary, and policies are an important part of data security. However, organizations that drive data security efforts based on policy and compliance put the business at risk by neglecting to take a more holistic and proactive approach to their data security strategy. Remember: Compliance does not equal security.

2. Firms do not understand what sensitive data is.

What is sensitive data to the organization? And does the entire organization share a common understanding of what constitutes sensitive data? In order to protect our data, we must first know and understand it.

3. Proactive data security goes beyond technology implementation.

Technology is only one part of the equation; people and processes matter. Data privacy and security are conjoined concepts that require coordination between businesses’ employees, customers and operations to successfully address these concerns.

4. Many firms struggle with data security and are not mature in measuring the success of data security initiatives.

The transition from network- and device-centric security to data-centric security is new to most enterprises. There is a significant cultural shift that must take place for organizations to mature their data security practices.

5. For better or worse, breaches are an organizational catalyst.

As a direct result of a data breach, 45 percent of firms implemented new security controls and policies, and 42 percent said that security and privacy have become bigger topics of discussion. However, 35 percent also indicated that the breach caused a lot of disruption in the organization, with 18 percent of companies laying off employees as a direct result.

Read the complete Forrester Consulting report on Data Security and privacy

More from Data Protection

Why safeguarding sensitive data is so crucial

4 min read - A data breach at virtual medical provider Confidant Health lays bare the vast difference between personally identifiable information (PII) on the one hand and sensitive data on the other.The story began when security researcher Jeremiah Fowler discovered an unsecured database containing 5.3 terabytes of exposed data linked to Confidant Health. The company provides addiction recovery help and mental health treatment in Connecticut, Florida, Texas and other states.The breach, first reported by WIRED, involved PII, such as patient names and addresses,…

Addressing growing concerns about cybersecurity in manufacturing

4 min read - Manufacturing has become increasingly reliant on modern technology, including industrial control systems (ICS), Internet of Things (IoT) devices and operational technology (OT). While these innovations boost productivity and streamline operations, they’ve vastly expanded the cyberattack surface.According to the 2024 IBM Cost of a Data Breach report, the average total cost of a data breach in the industrial sector was $5.56 million. This reflects an 18% increase for the sector compared to 2023.Apparently, the data being stored in industrial control systems is…

3 proven use cases for AI in preventative cybersecurity

3 min read - IBM’s Cost of a Data Breach Report 2024 highlights a ground-breaking finding: The application of AI-powered automation in prevention has saved organizations an average of $2.2 million.Enterprises have been using AI for years in detection, investigation and response. However, as attack surfaces expand, security leaders must adopt a more proactive stance.Here are three ways how AI is helping to make that possible:1. Attack surface management: Proactive defense with AIIncreased complexity and interconnectedness are a growing headache for security teams, and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today