Nearly two-thirds (60%) of US firms believe some of their data is now in the hands of a competitor because of a breach, according to a new study from Ponemon Institute.
These “knowledge assets” could include profiles of high-value customers, product design, development and pricing, pre-release financial reports, strategic plans, and confidential information about existing relationships or anticipated transactions, according to the report.
In fact, three-quarters (74%) of the 600 respondents to the study, carried out on behalf of law firm Kilpatrick Townsend, claimed that their firm had failed to detect a breach involving such assets.
Careless employees were blamed as the number one cause of such incidents, although poor security practice was identified in other areas.
For example, half of respondents claimed that both privileged and ordinary users have access to sensitive data, while only a third of firms that store data in the cloud said they properly vet providers first.
Only 28% said they thought their firm was effective at mitigating the loss or theft of data, with the main contributing factors given as lack of in-house expertise (67%), lack of clear leadership (59%), and lack of collaboration between different job functions (56%).
This inability to lock down data could be costly in the long run.
The average cost in remediation alone over the past 12 months was $5.4 million, and nearly 70% of respondents claimed the maximum cost could top more than $100 million, with around half saying that figure could even top $250m.
Jon Neiditz, co-leader of the Kilpatrick Townsend Cybersecurity, Privacy & Data Governance Practice, argued that cybersecurity and insurance are paramount for “clients who invent.”
Ponemon Institute founder, Larry Ponemon, added that there are several steps firms can take to reduce risk.
“First of all, understand the knowledge assets critical to your company and ensure they are secured. Make sure the protection of knowledge assets, especially when sharing with third parties, is an integral part of your security strategy, including incident response plans,” he argued.
“To address the employee negligence problem, ensure training programs specifically address employee negligence when handling sensitive and high value data.”