Ponemon Institute Study Shows Lack of Accountability, Resources at Root of U.S. Corporate Data Loss Problem
Share:
Elk Rapids, Mich., and Palo Alto, Calif. - Aug. 28, 2006 - Nearly two-thirds of security executives believe they have no way to prevent a data breach, according to the latest industry research by privacy and information management research firm the Ponemon Institute. What's more, most respondents believe their organizations lack the accountability and resources necessary to enforce data security policy compliance.
These results were derived from a national survey on information security professionals' experiences in detecting and preventing the leakage of sensitive or confidential information to unauthorized parties, both outside and inside an organization. Announced today by the Ponemon Institute and PortAuthority Technologies, Inc.,(TM) the leader in Information Leak Prevention (ILP), the National Survey on the Detection and Prevention of Data Breaches examines the responses of 853 randomly selected, U.S.-based information security professionals to questions related to data protection and prevention within their organizations.
An analysis of the study suggests that, in spite of increased attention and intense media and public scrutiny, the state of data security within U.S. corporations remains a serious challenge. Key findings of the study include:
o 59 percent of companies surveyed believe they can effectively detect a data breach, but a staggering 63 percent believe they cannot prevent a data breach. High false positive rates of up to 35 percent affect an organization's ability to detect a breach.
o 41 percent of companies surveyed do not believe they are effective at enforcing data security policy. The top reason given for failed enforcement is lack of resources.
o Companies report a 68 percent probability of detecting a large data breach (more than 10,000 data files), while small data breaches (fewer than 100 files) are likely to be detected only 51 percent of the time.
o 16 percent of companies surveyed believe they are invulnerable to a data breach.
o Excessive cost was cited as the primary reason organizations do not use leak prevention technologies, with 35 percent stating that leak prevention technologies are too expensive.
"Our data show that, in spite of the increased attention being paid to the issue of data security, enormous gaps remain in corporate America's ability to effectively protect sensitive data, and that a lack of accountability as well as a dearth of resources dedicated to the problem are at the root of the problem," observed Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. "As we have shown in the past, the costs associated with a data breach can be steep, yet many companies have been slow to address this issue in a meaningful way. Based on our findings, we believe that establishing clear accountability, as well as investing in training and technology can help organizations best leverage their existing resources, close these gaps, and better protect information assets, including customer data and intellectual property."
The National Survey on the Detection and Prevention of Data Breaches also provides insight related to data breach response; technologies, practices, and procedures used to detect and prevent data breaches; primary issues, challenges and possible impediments to effectively detecting and preventing data breaches; and enforcement of data protection policy.
"While data leaks continue to make headlines today, PortAuthority Technologies is interested in learning and addressing the root causes of these issues," said Raj Dhingra, PortAuthority Technologies vice president of marketing. "We feel this study helps bring greater understanding of these issues, while validating that the industry requires much more than just monitoring of information leaks, but automated enforcement to best prevent information leaks. Enforcing policies has been our mission since we pioneered this technology in 2002."
About PortAuthority Technologies
PortAuthority Technologies is the leading provider of Information Leak Prevention security solutions that reliably and accurately control the unauthorized distribution of sensitive information for data privacy, confidential information protection and true compliance. Using its patented PreciseID(TM) technology, only PortAuthority stops information leaks by monitoring internal and outbound enterprise communications and delivering policy enforcement in real-time. PortAuthority ensures compliance with regulations such as GLBA, PCI, HIPAA, CA CC1798, PIPEDA and SOX by closing the gap between employee behavior and corporate and legal policies. PortAuthority Technologies is a privately held company backed by Greylock Partners, Sequoia Capital and Lexington Ventures. The company is headquartered in Palo Alto, Calif., and has offices throughout the U.S. For more information, please visit portauthoritytech.com, or call 877-843-4879.
