[December 14, 2017] |
|
New Trustwave Study Finds Major Variances in How Different Countries and Industry Sectors Value Their Critical Data
Trustwave today released the "Value
of Data Report," a sponsored research report conducted by industry
analyst firm Quocirca. This global study includes a survey of 500
information technology (IT) decision makers in the United States,
Canada, United Kingdom, Australia and Japan, examining attitudes towards
the value of confidential data including: personally identifiable
information (PII), payment card data, intellectual property (IP) and
email. It reveals significant differences in both the level of vigilance
applied to assessing and mitigating the level of risk, as well as the
relative value attached by different verticals, countries, and
stakeholders to various types of data.
Key highlights from the Value
of Data Report from Trustwave include:
-
U.S. professionals value their PII data more than twice as much as
their U.K. counterparts: The average per capita value (PCV) of PII
in the U.S. is $1,820 versus $843 in the U.K. and $1,025, $1,186 and
$1,040 respectively in Canada, Australia and Japan.
-
Different levels of importance are placed on different data types
such as PII, IP, payment card data and email: PII (47.4%) is given
a higher priority than IP (27.6%), followed by payment card data
(18.4%) and with corporate email (6.6%) coming last.
-
Dramatic differences exist between values placed on PII data by
attackers, security professionals, insurers and regulators: The
mean per capita value (PCV) placed on a PII record by cybercriminals
is $39 compared to $1,198 by IT professionals, $3,211 for insurers and
$8,118 for regulators.
-
"Data risk vigilance" (DRV), a measure of efforts to protect data,
is highest among Canadian firms and lowest amongst Australian
businesses with the U.K. in the middle: The study assessed the
measures organizations put in place to care for their data according
to ten separate factors. Canadian and U.S. companies earned the
highest DRV and were therefore more data risk vigilant, followed by
the U.K., then Japan and Australia. Financial companies and
IT/Communications companies were the highest scoring verticals and
hospitality an retail the lowest scoring.
-
Industry sector influences the type of data that is given highest
priority: Healthcare and hospitality sectors prioritize PII data
with an average score of 3.5 and 3.4 out of 4, while industrial and
IT/Communications companies rank IP as most important at 3.0 and 2.9
out of 4.
-
Shareholder data and patient data are the most valuable data types:
Shareholder data is most highly valued by IT professionals at more
than $1,700 per record, followed by patient records with a mean value
of more than $1,500 and consumer data at just more than $1,000 per
record - lowest ranked are contractors at just less than $600 per
record.
-
Patient data is the most rigorously risk assessed: Nearly 80%
of organizations seeing patients as their prime data subject said they
had carried out a comprehensive risk assessment, more than for any
other data subject. In the U.K., where healthcare is largely
controlled by the government through the National Health Service
(NHS), this rose to 90% and in the U.S., where regulation is tight
through Health Insurance Portability and Accountability Act (HIPAA),
to 85%.
-
Certain types of PII are much less assessed in terms of risk: Contractors'
and suppliers' individual PII data is less rigorously assessed than
other types of PII, such as patient data. Forty five percent of
companies holding contractors' private data and 42% holding suppliers'
data failed to conduct comprehensive risk assessments of the data.
-
Corporate security and risk professionals massively over-estimate
the value of PII data for sale on the black market: Overall
criminal resale values for PII on the black market are less than 5% of
the value that enterprise security professionals estimate them to be
worth. For a payment card record, security managers over-estimate by
60 times the actual criminal values of data for sale on the black
market. For a single banking record, it is 2,000 times.
Trustwave Vice President of Security Research Ziv Mador said, "Today,
data is one of the most valuable commodities possessed by any business.
Whether that data belongs to the organization itself, its employees,
suppliers or customers, it has a duty to protect that data to best of
its ability. Companies that fail to accurately value their data are
unlikely to make the right decisions regarding the level of cyber
security investments to protect that data and are those most likely to
fall short of regulations, such as the upcoming European Union General
Data Protection Regulation (GDPR) coming into effect in 2018. Businesses
should look to the managed security services business model so that they
have the confidence that full data risk vigilance is applied to all
types of confidential and valuable data by specialists in the industry."
Bob Tarzey, senior security analyst at Quocirca and principal author of
the study, said, "Data is transforming businesses in the early 21st
century in the same way electricity did at the start of the 20th.
For nearly all businesses their PII and IP are essential assets that are
enticing targets for criminals, those storing payment card data are the
most tempting target. Data subjects, are becoming more aware of the
value their data has to the businesses they deal with and are less
forgiving when things go wrong. However, even as one data breach is
eclipsed by another in the eye of the press, the regulators will
continue to investigate the most serious as they are invested with more
powers and the clout to issue ever greater fines."
To download a complimentary copy of the Value of Data Report from
Trustwave, visit: https://www2.trustwave.com/Value-of-Data-Report_LP.html.
About Trustwave
Trustwave helps businesses fight cybercrime, protect data and reduce
security risk. With cloud and managed security services, integrated
technologies and a team of security experts, ethical hackers and
researchers, Trustwave enables businesses to transform the way they
manage their information security and compliance programs. More than
three million businesses are enrolled in the Trustwave TrustKeeper®
cloud platform, through which Trustwave delivers automated, efficient
and cost-effective threat, vulnerability and compliance management.
Trustwave is headquartered in Chicago, with customers in 96 countries.
For more information about Trustwave, visit https://www.trustwave.com.
View source version on businesswire.com: http://www.businesswire.com/news/home/20171214005084/en/
[ Back To TMCnet.com's Homepage ]
|