Forrester report finds organizations struggle with understanding and controlling sensitive data. Credit: Thinkstock Ask organizations today about the value of data and you’re likely to hear it measured in terms of competitive advantage, customer experience and revenue generation. As Dante Disparte and Daniel Wagner put it in a December 2016 HBR article, data is “becoming a centerpiece of corporate value creation.”“Today most organizations are data-driven to one degree or another. Data contributes not only to brand equity, but to what constitutes product and service delivery in globally connected and hyper-competitive markets,” the pair wrote.But the value of data security is still largely defined “in terms of risk, cost, and regulatory compliance,” notes Forrester Research in the executive summary of a new report commissioned by data protection software provider Varonis Systems.One of the key findings of the Forrester survey of 150 data security professionals in the U.S. and Canada is that while 76% of respondents claim a mature security strategy, the vast majority report facing technical challenges (93%) and organizational challenges (90%) with data security. And, Forrester says, they “are focused on threats rather than their data, and do not have a good handle on understanding and controlling sensitive data.” For example, just 31 percent of respondents say they classify corporate data in the cloud based on its sensitivity.In three key areas, though, employee data fares moderately better than customer data and sensitive structured data. Forty-one percent of survey respondents said they know where their employee data is located, while 38% said they know where their customer data and sensitive structured data is located. Forty-one percent of respondents said they classify employee data based on its sensitivity, compared to 40% for customer data and 37% for sensitive structured data. And forty-five percent of respondents said they audit all use of employee data and analyze it for abuse, compared to 36% for customer data and 39% for sensitive structured data. Speaking to why the numbers were somewhat higher for employee data, Forrester analyst Heidi Shey told CSO, “With employee data, I think most companies feel like they have a (slightly) better handle on this because of the smaller universe of groups and applications that handle and use this type of information within the company. Typically, HR and Finance handles the bulk of sensitive employee and job applicant data, with pre-defined use cases and purpose for having this data, and regulatory requirements and labor laws that dictate handling and use requirements.” “Still, I think many companies may overlook the scope of what constitutes sensitive employee data,” Shey added. “There are the usual sensitive data types that come to mind like personal information, payroll and tax information, social benefits information. Yet if we start to think about employee personal data in broader context and with privacy in mind, more data types apply. Things like annual performance reviews, information generated by computer systems, expense reimbursements (e.g., travel), sickness records, etc. enter the picture. This is where classification becomes critical for a global company to stay on top of employee privacy and labor laws across different jurisdictions where they have employees.”To learn more about what security pros have to say about the state of data security in their organizations, download the Forrester/Varonis report. Related content news Hackers book profit by scamming Booking.com customers Malicious elements are using Vidar infostealer to gain access to Booking.com’s management portal and defraud customers. By Gagandeep Kaur Dec 04, 2023 4 mins Cyberattacks Cybercrime Security opinion Proactive, not reactive: the path to ensuring operational resilience in cybersecurity The experience of the financial sector in dealing with threats is instructive to anyone in the cybersecurity space — there’s no substitute for getting out ahead of potential risks and problems. By Cameron Dicker Dec 04, 2023 6 mins Financial Services Industry Data and Information Security Security Practices feature 4 budget-savvy strategies for building an effective purple team Building a purple team is not only for organizations with a generous budget. From the shoestring one-person operation harnessing open-source power to the well-oiled machine of a comprehensive team, organizations of all sizes have a pathway to heighte By Maril Vernon Dec 04, 2023 14 mins Threat and Vulnerability Management IT Training Risk Management news Is China waging a cyber war with Taiwan? Nation-state hacking groups based in China have sharply ramped up cyberattacks against Taiwan this year, according to multiple reports. By Gagandeep Kaur Dec 01, 2023 4 mins Cyberattacks Government Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe