Right now, I have $30 in my wallet. Including the loose change dispersed between my coin purse and back pocket, I\u2019ve probably got about another $5.Money might have an assigned value, but it is of course a completely artificial construct. One day, millennia ago, someone thought it would be a better idea to exchange goods with a token, rather than barter with other goods and services. Those tokens \u2013 and the modern currencies they have evolved into \u2013 have no intrinsic value. However, we all know what their accepted value is; all you need to do is look at a banknote or coin, and you\u2019ll immediately see how much it\u2019s worth.Unfortunately, the same can\u2019t be said for data. Despite my many years of experience in the InfoSec industry, if you put a database in front of me, I\u2019d struggle to ascribe a monetary value to it. When it comes to data, its financial worth is most definitely in the eye of the beholder.To an attacker, a small leaked database might be worth a fortune in cryptocurrencies. Or, it might be worth as little as $5 on a dark web forum, where data and tools are abundant, trivial commodities.Even to the organizations that hold data, its value can seem ambiguous. In many respects, it\u2019s entirely subjective. If you deal with it daily, you probably hold it in higher esteem than someone else would; conversely, you might take this data for granted, assuming that that its value is not high enough to make it a target for anyone.This uncertainty around the value of data often results in organizations failing to adequately protect their data, so it\u2019s important to take a closer look at just how much our data can actually be worth.Show me what your name is worthWe all know that credit card data is important. If your personal credit card number ended up on Pastebin, you\u2019d probably panic. Your blood would run cold, and you\u2019d frantically reach for your phone to call your bank and freeze your accounts.Similarly, if you\u2019re a company, you can expect to get some stern words from the ICO (as well as a fair slice of negative press) if you accidentally leak your customers\u2019 credit card numbers.The value of this kind of information is fairly obvious; but let\u2019s shift our focus to instead look at the so-called grey areas, the pieces of data where the value isn\u2019t immediately obvious.Some slightly esoteric examples come to mind: patient photographs belonging to a top plastic surgeon, for example; or maybe the data held on the servers of the World Anti-Doping Agency (WADA). When Fancy Bear splashed that information on the internet back in 2016, it created an ongoing issue for the sports integrity agency that has yet to be resolved.When calculating the value of a data set, it\u2019s always worth remembering that everything comes with its own context.Another example of a potentially valuable, yet often overlooked, piece of data is an email address. People don\u2019t ascribe much value to email addresses. They\u2019re easily created, and easily replaced. But if your digital life is an atom, its nucleus can be considered to be your email address.We\u2019re continuing to see attackers heavily target email accounts, knowing that these are the gateway to other accounts. Password reset emails must go somewhere, right?This trend is relatively new, especially when you consider it within the context of how long email has been around; this highlights the fact that the value of data isn\u2019t static \u2013 it changes significantly over time.The value in aggregating dataImagine a periodic table of data. Email addresses, social security numbers, phone numbers \u2013 the entire cornucopia of personal information are all elements. What happens when you combine them all?It turns out it creates a much stronger digital compound. A rich dataset with a variety of different information about each target is worth much more than the sum of the individual parts.Metadata from a mobile phone, for example, can identify someone as using a certain dating app. By itself, this may not be valuable information, but if you combine it with location data, or transactional data from a payment service like Apple Pay, you could figure out where someone went on a date.This is an example with scant relevance to the business world, but it does serve to illustrate the interconnected nature of our data, and how it can be combined to paint a bigger, more detailed picture of a user\u2019s whereabouts and activities.Mattresses and banksWhere do you keep your life savings? In the 1920s, when cascading failures in the financial system undermined consumer confidence, people decided to hide their money in mattresses, because they perceived that to be the safest option.Nowadays, this is a no-brainer. People around the world entrust their money to banks without a second thought. But, just like the value of data, perceptions about the safest place to store money change over time.There are parallels in the InfoSec world as well. In many ways, cloud-based services, which can house huge databases of valuable data, are the banks of today. However, as was the case with the banking system in the 1920s, the cloud has at times faced a confidence deficit.Are those concerns still justified? Perhaps not. There are many cloud services out there that are solid, secure and dependable. They\u2019re good. They work. And crucially, people rely upon them to conduct business.It\u2019s important to recognize that just like an organization needs to be selective about which bank it chooses to do business with, they should also be selective about which cloud services they trust with their data.Whether you are choosing a new business partner or figuring out how to handle your data, it is essential that you do your homework. Be flexible, since change is inevitable, but make sure you know what security controls exist, how they work, and if they\u2019re adequate for the valuable data you\u2019re trying to protect.ConclusionThe value of money feels arbitrary, and that of data often does too. Determining its true value is something that requires sincere thought. You need to look at it from multiple perspectives; not just from that of the business, but also from the point-of-view of an attacker, or that of a third-party company hoping to leverage and profit from your company\u2019s data.If you consider how much your data is worth to various parties and in varied contexts, then you\u2019ll be in a better position to understand both its value and the extent to which it needs to be protected.