Only About One-Third Of Data Completely Secure, Say U.S. Executives In Survey

Data Security A Top Concern for Execs, But Most Question Business Impact, According to Study by NTT Com Security in U.S.

Only about a third of U.S. data is completely secure and information security is low on the list of risks to businesses, say U.S. executives in a new report from global information security and risk management company, NTT Com Security (formerly Integralis).

Over half of the senior executives surveyed ranked competition and business growth as challenges to running a successful business, while less than one third (29 percent) said data security. The survey findings show an alarming disconnect between policy and behavior and showcases a need for education about data security among business leaders.

Wide-reaching research that covers topics ranging from data policies to data security to impacts of a data breach and more, the Risk:Value report is derived from a survey of 100 senior business decision-makers (not in an IT role) in the United States, and was intended to determine the level of risk and the value that American businesses place on data and information security.

The executives said that only 10-12 percent of their IT budget is spent on data security, even though 65 percent of respondents say data security is vital to their organization and characterized consumer customer data as the most important. Respondents said risks to the business coming from competitors taking market share, lack of employee skills and decreasing profits were more concerning than data security.

Senior executives also fail to acknowledge long-term damage – both in terms of time and money – that a data breach might have on their business. Nearly three-quarters (72 percent) predicted there would be minimal long-term damage, although nearly all report that their organization would suffer reputational damage (64 percent) and loss of customer confidence (58 percent) if data were lost in a security breach.

When it comes to the financial impact of a security breach, 40 percent of respondents said their organization would suffer a direct financial loss, on average, by five percent. Yet, 16 percent expect no impact at all on revenue with another 16 percent admitting they do not know what the financial implications would be. 

Two-thirds of senior executives report that their organization has a data breach recovery plan. As the rate of breaches increase, securing data becomes more difficult, especially as the breaches and attacks become more complex and advanced. This new data security landscape requires stronger tools and more efficient strategies to secure data. 

“Data breaches are becoming commonplace and with only about a third of stored data completely secure, this is just the tip of the iceberg,” stated Chris Camejo, director of assessment services for NTT Com Security US. “Senior executives need to start asking the questions including, ‘what does completely secure mean and how do they know their organization’s data is completely secure?’ In my experience with our clients, they believe they are completely secure, until we run tests and discover the opposite is true.”

The Risk: Value report highlights four key areas: Data Policies, Data Security, Impact of a Data Security Breach and Personal Knowledge/Behavior:

Data policies in the business

• 65 percent of respondents say data security is vital to their organization
• On average 12 percent of an organization’s IT budget is spent on data/information security, although 13 percent of respondents do not know the amount spent 
• Over a quarter (26 percent) said their company does not have a chief data security officer, and are not planning to appoint one
• Two-thirds have a business or disaster recovery plan in place in the event of a breach

Data Security

• About one-third (37 percent) of the organizations’ data stored is completely secure
• 30 percent of respondents report that customer data (consumer) is vitally important to the success of their business, but only 48 percent report that all customer data is completely secure
• 56 percent of respondents report that their organization’s intellectual property is completely secure; while less than half (46 percent) reported their company’s employee information is completely secure

Impact of a data security breach

• 40 percent of respondents said their organization would incur a direct financial loss
• 72 percent said if they suffered a data security breach there would be minimal long term damage to their reputation
• Over one-third (34 percent) say it will take between one and three months to recover
• One-third say there would be minimal long term damage to their company’s reputation
• Over half (55 percent) say that their organization is insured for security breaches
• Over half (55 percent) protect their personal data more securely than their company’s protect data

Personal knowledge and behavior

• Less than a quarter (24 percent) are kept up to date by the IT security team about data attacks and potential threats
• 16 percent rely upon their own judgment of what is ‘safe behavior’ when using/accessing work-related data, but nearly a quarter (23 percent) state data security is a joint responsibility between them and the IT team

Methodology
NTT Com Security commissioned market research company Vanson Bourne to undertake an extensive survey of 800 senior business decision makers (not in an IT role) in Australia, France, Germany, Hong Kong, Norway, Sweden, U.K. and U.S. (100 respondents in each country) in September 2014. Forty-five percent of organizations had between 1001-5000 employees and 28 percent had more than 5000 employees. The majority (67 percent) had a global revenue of between $100M and $10B, and 18 percent had global revenue of $10B+ per annum. Sectors included manufacturing, retail, banking/financial services, transport, healthcare, utilities, telecoms, oil & gas and government.

About NTT Com Security
NTT Com Security (formerly Integralis) is a global information security and risk management organization, which delivers a portfolio of managed security, business infrastructure, consulting and technology integration services through its WideAngle brand. NTT Com Security helps organizations lower their IT costs and increase the depth of IT security protection, risk management, compliance and service availability. NTT Com Security AG, is headquartered in Ismaning, Germany and part of the NTT Communications Group, owned by NTT (Nippon Telegraph and Telephone Corporation), one of the largest telecommunications companies in the world. For more information, visit http://www.nttcomsecurity.com.