Cybersecurity firm Netwrix announced the release of its report called “2020 Data Risk & Security” that surveyed nearly 1,045 decision-makers in the security field to know about how their organizations treat sensitive and regulated data during each stage of its lifecycle. The study is intended to identify common security gaps in data processing activities.
According to the report, 91% of respondents were certain their sensitive data is stored safely while one in four organizations admitting they had discovered such data outside of designated secure locations last year.
The report also highlighted that 61% of organizations that are subject to the GDPR collect more customer data than the law permits. It’s found that 66% of CIOs don’t have cybersecurity and risk KPIs that are regularly reported to their executives. Nearly 54% of organizations said that they do not follow the security practices like reviewing user access rights to data on a regular basis. It also revealed that 30% of system administrators granted direct access to sensitive and regulated data base only on user requests.
Steve Dickson, CEO, Netwrix, said, Even as cybersecurity budgets grow, data breaches continue to increase in both number and size. Cybersecurity leaders need to find more effective ways to manage data security risks and show return on investment to the executive team. Gaining more visibility into data, internal processes and user activity will enable them to prioritize their efforts, mitigate security and compliance risks more efficiently, and prove the effectiveness of their investments.”
“Unstructured data often accounts for nearly 80% of the data footprint of an organization. The true extent and size of unstructured data are often unknown due to compression, deduplication and the number of copies of data within the organization. Beyond the substantial proportion of dark data prevalent in the average organization, within the unstructured dataset is often found more than 10 copies of the same files just through data protection, backup and recovery, business continuity, testing, and other automated activities,” Dickson added.