'State of security maturity' shows need for improvement


A recent PricewaterhouseCoopers study commissioned by Iron Mountain sought to determine the general safety of customer data in companies' systems. This is extremely important, as customers are more cognizant than ever of the trust that they are placing in companies.

The survey polled approximately 600 companies in Europe to build a composite picture of data loss prevention preparedness and what is needed to increase it. The survey found that some of the biggest threats to data are not being addressed, raising fresh worries about companies that do not look immediately to defend their data.

"Business leaders ignore information security risk at their peril," stated PricewaterhouseCoopers risk and compliance leader Richard Sykes. "Historically, business leaders have tended to regard information security as a technology issue - as reflected by the traditional reporting channels - but this is a complete misconception and needs to change."

The report strongly urged companies to look beyond the IT department and create a far-reaching data loss prevention strategy. The authors advocated for a member of the board to take responsibility for data security, making sure that boardroom meetings always have security on the agenda. They also urged companies to enact top-down security policies that apply to all media and are tested periodically.

One source of data risk that companies may fail to anticipate is the behavior of their own employees. The authors singled out no fewer than eight areas in which employees are placing data at risk. Everything from negligence and lack of training to a malicious attack from an insider was reported as a threat, reminding IT administrators of the many forms data risk can take and the many areas it can come from. A comprehensive data loss prevention strategy recognizes that external attacks are merely one source of risk.

A recent Ponemon Institute security survey sponsored by Symantec similarly found that data risk from within is a large-scale problem. In contrast to the European focus of the PricewaterhouseCoopers study, this survey took its data from 49 U.S. companies.

Negligent employees were found to be the most frequent cause of data breaches, with malicious attacks coming in second. The firm's recommendations for businesses included the creation of a C-level position responsible for information security, reflecting the view of the PwC survey. Researchers also found that data breaches cost more for companies that did not perform thorough assessments of what was lost before notifying customers.