May 13, 2015 By Pamela Jones 2 min read

Hardly a week goes by without headlines about a breach of customer data. Less frequent, but just as alarming, are the publicly reported examples and allegations of intellectual property theft. Data security and privacy — and, by extension, brand reputation — are front and center today and will quickly become a business differentiator for tomorrow. The question remains: How will organizations respond?

IBM commissioned Forrester Research to evaluate data security decision-making by security buyers and influencers. Much of the research focused on what it means to engage in proactive data security and privacy efforts to address threats both today and in the future. This study began in May 2014 and was completed in June 2014. Forrester developed a hypothesis testing the assertion that enterprises today have many more stakeholders involved in data control, data governance, security and privacy. However, despite this involvement, organizations approach data security in a very reactive fashion and often do not have a clear understanding of the value of their data.

As part of the study, Forrester conducted surveys with 200 security decision-makers in the U.S., U.K. and Germany and had five in-depth follow-up phone interviews for additional context. The final report found that while these companies’ data security efforts are primarily driven by compliance and are tactical in nature, security teams have the attention of executives who are increasingly aware of and concerned about data security. These decision-makers also place a high priority on helping securely enable big data and data quality initiatives, both of which have implications for revenue growth and customer experience.

Key Findings

Forrester’s study yielded five key findings:

1. Data security efforts are policy- and compliance-driven.

Compliance is necessary, and policies are an important part of data security. However, organizations that drive data security efforts based on policy and compliance put the business at risk by neglecting to take a more holistic and proactive approach to their data security strategy. Remember: Compliance does not equal security.

2. Firms do not understand what sensitive data is.

What is sensitive data to the organization? And does the entire organization share a common understanding of what constitutes sensitive data? In order to protect our data, we must first know and understand it.

3. Proactive data security goes beyond technology implementation.

Technology is only one part of the equation; people and processes matter. Data privacy and security are conjoined concepts that require coordination between businesses’ employees, customers and operations to successfully address these concerns.

4. Many firms struggle with data security and are not mature in measuring the success of data security initiatives.

The transition from network- and device-centric security to data-centric security is new to most enterprises. There is a significant cultural shift that must take place for organizations to mature their data security practices.

5. For better or worse, breaches are an organizational catalyst.

As a direct result of a data breach, 45 percent of firms implemented new security controls and policies, and 42 percent said that security and privacy have become bigger topics of discussion. However, 35 percent also indicated that the breach caused a lot of disruption in the organization, with 18 percent of companies laying off employees as a direct result.

Read the complete Forrester Consulting report on Data Security and privacy

More from Data Protection

Data security tools make data loss prevention more efficient

3 min read - As businesses navigate the complexities of modern-day cybersecurity initiatives, data loss prevention (DLP) software is the frontline defense against potential data breaches and exfiltration. DLP solutions allow organizations to detect, react to and prevent data leakage or misuse of sensitive information that can lead to catastrophic consequences. However, while DLP solutions play a critical role in cybersecurity, their effectiveness significantly improves when integrated with the right tools and infrastructure. Key limitations of DLP solutions (and how to overcome them) DLP…

Defense in depth: Layering your security coverage

2 min read - The more valuable a possession, the more steps you take to protect it. A home, for example, is protected by the lock systems on doors and windows, but the valuable or sensitive items that a criminal might steal are stored with even more security — in a locked filing cabinet or a safe. This provides layers of protection for the things you really don’t want a thief to get their hands on. You tailor each item’s protection accordingly, depending on…

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

Cost of a data breach: The evolving role of law enforcement

4 min read - If someone broke into your company’s office to steal your valuable assets, your first step would be to contact law enforcement. But would your reaction be the same if someone broke into your company’s network and accessed your most valuable assets through a data breach? A decade ago, when smartphones were still relatively new and most people were still coming to understand the value of data both corporate-wide and personally, there was little incentive to report cyber crime. It was…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today