In the last few months, we’ve seen many cases of personal data breaches, both from companies and from government organizations. With an average cost of 3.86 million dollars for a data breach, the economic repercussions are significant. And this figure is likely to increase, since the implementation of GDPR on May 25 and the consequent reporting of data breaches to the pertinent authorities. Given all of this, now is a very good time to protect the personal data that your company manages, to avoid these costs. But, do you really know where it’s stored?
Gemalto has carried out a study of over a thousand IT decision makers in companies worldwide, as well as over 10,000 consumers, to find out the state of data confidence. And the figures are far from encouraging.
The study has revealed that only 54% of companies know where their sensitive personal data is stored. This data includes bank details and physical addresses, among other information, that would mean major problems if it were stolen. And if a company doesn’t know where its data is, how can if know if it has been exfiltrated? What’s more, how can it know who has access to it? It’s important to remember that theft carried out by malicious insiders is one of the leading causes of these exfiltrations, and without visibility of this data, it’s very difficult to stop it from happening.
These problems when it comes to finding unstructured data could be a question of volume. In fact, 65% of companies collect so much data that they’re unable to categorize or analyze it. With such a quantity of data, the fact that it is hard to find may be a little less surprising. What’s more, if a company isn’t able to analyze its data, it won’t be aware of the value this data has, or what security measures need to be in place to keep it safe.
Companies don’t adhere to regulations
This year’s data protection regulation par excellence has been the GDPR; but other regulations of this kind have been around for years. Despite the fact that these data protection rules are nothing new, 82% of companies say they have difficulties when it comes to remaining compliant with regulations. What’s more, 68% state that they don’t carry out all the procedures in line with data protection laws. And without these regulations, the risk of suffering a security breach is exponential.
This corporate malpractice is reflected in the level of consumer confidence: only 52% say that they trust organizations to keep their personal data safe. And this figure is even lower for financial institutions: only 41% of consumers believe that they are capable of safeguarding their personal data.
Generalized IT security problems
According to the study, only 48% of IT decision makers believe that the IT security of their company is strong enough to stop an intruder. And what’s more, if a hacker did manage to get into the system, only 43% of heads of IT believe that their company’s data would be safe. This means that there is a very high probability that consumers’ data will be exposed to a hacker.
These statistics clearly demonstrate that there’s still a long way to go when it comes to data security. But, what can be done? With Panda Data Control, the data protection module of Panda Adaptive Defense, you can locate all the unstructured personal data on your company’s endpoints. This way, you’ll know where this data is. What’s more, it provides visibility about this data, and about the users, employees or collaborators, and the computers or servers who access it.