Organizations detailed the impact of data loss to their business, including lost customers (49%), damage to reputation and brand (47%), decreased revenue (41%), increased expenses (39%), and a tumbling stock price (20%).
For the report ReRez Research polled 4,506 organizations in 38 countries on behalf of Symantec.
More than two-thirds of respondents have had confidential information exposed outside of their company, and 31% have experienced compliance failures related to information.
“Any organization that allows file sharing, that allows open access to cloud drives, they are essentially allowing employees to move information out to places that may not have the same security policies and procedures”, said Sean Regan, senior director of product marketing at Symantec.
“Do the security policies of the cloud providers you work with match the level of security policies you have in house? As a chief security officer, that is a question you need to be looking at for each cloud device you turn on, each cloud storage location”, he added.
Another challenge is the amount of duplicate information businesses are storing – an average of 42% of data. Storage utilization is also low, at only 31% within the firewall and 18% outside.
These risks and inefficiencies result in businesses spending more than necessary on storing and protecting their information. A key issue identified by 30% of businesses is information sprawl – the overwhelming growth of information that is unorganized, difficult to access, and often duplicated elsewhere, the survey found.
“If you have kept every piece of information you have ever generated in your environment or in the cloud, there is that much more you need to protect. So with a data beach, you might be exposing information that you could have justifiably deleted years ago”, Regan said.
“Companies need to think about this idea that not all information is created equal. In this Big Data environment, folks say, ‘Keep things forever’, because you might be able to run analytics on it. That’s great from an analytics perspective, but from a security perspective you have that much more to lose should a breach occur”, he related.
“Companies need to look at the balance between retention for value of Big Data, and how much it costs and how difficult it is to secure that huge collection of information”, he added.
Symantec recommends that organizations put their security focus on the information rather than the device or data center, assess which information is the most important to protect, be efficient and consistent in data storage and protection, and plan for future information needs.