According to Peter Abatan, principal partner with London-based Documentti, a document management specialist, companies are now discovering they need DRM technology to secure their data when it has been archived.
"Companies now have a definite need to archive their paper documents using electronic means, but in the process of archiving the data electronically, they also need to protect the data", he said.
Speaking at last week's DRM conference – organised by Documentti with its Korean partner Fasoo.com – Abatan explained that his research suggests that 70% of companies experienced some form of data breach last year.
So why, he asked, isn't this fact being reported to the media?
The problem, he says, is that reporting procedures are not always in place, but the good news, he told his audience, is that he is starting to see regulatory requirements now mandating companies to report their data breaches where it involves personal information.
Abatan adds that his research suggests that only 43% of data breaches get reported, adding that research from the IDTheftCenter suggests that malicious attacks are now surpassing human error as the main reason for data breaches for the first time.
But, he went on to say, his observations also suggest that the need for transparency and accountability may be masking the true extent of the data breach problem.
"Organisations that are unable to protect their data will grow weaker and weaker", he said, adding that it is now clear that companies need to defend their data, in whatever form it is stored on their computer systems.
It's worth noting, he went on to say, that, by June of this year, the ICO's office had seen 1000 data breaches reported, and that more than 400 of these breaches were within the NHS.
As a result of this, Abatan says that the healthcare sector has probably become the worst in terms of defending its data, adding that data breach events in the private sector – such as the ACS:Law and Toyota data loss incidents – show that the private sector is rapidly catching up the NHS and the rest of the public sector in the data breach department.
But, he explained, when you look beyond the prospect of public humiliation and fines from the likes of the ICO, there is still another very real cost to companies that have been hit by a data breach.
That cost, he says, is the loss of reputation and consequential loss of business, which can often lead to lay-offs as business at the affected company takes a dive.
The problem is made worse, he claims, by the fact that, if a data breach is not reported, little or no steps are taken to resolve the situation.
"If the ICO is involved, then they will advise and apply their rules to solve the problem", he said, adding that, without the ICO's involvement, data security situations rarely change or evolve.