Another week, another report about the complete lack of understanding of security in UK businesses. This time, it comes from IT services firm Accenture, and the findings are quite alarming.
In this study of more than 5,500 businesses, almost 75% of organisations were under the impression that they have adequate data protection policies. There is a massive disparity here. Claiming to have an adequate data protection policy of course depends on your idea of your responsibilities with data.
70% of organisations said that they had an obligation to secure customers’ personal information, but in the same breath, 58% said that they had lost sensitive data in the past two years. 60% admitted that a loss of sensitive data was a recurring problem in their organisation too, so these are not isolated events we are talking about.
Clearly, there is a huge demand for better security, and it is time that businesses woke up to this fact. A reliance on regulations to set the bench mark appears to be the problem; 70% of respondents said that their organisation regularly monitored compliance requirements. It is from this that their belief that their security policies are up to scratch comes from. The trouble is that with so much data being lost, it is clear that regulations have fallen behind the threat and are no longer realistic.
The irony is that many companies employ this method of just about keeping up with security policy regulations in order to cut costs. It would be interesting to find out how much more money a company could make if it was not continually losing data and thus custom, and compare that to the costs of a state-of-the-art security policy that is regularly updated.
Once again, this report shows that investment in decent security is a true investment that will boost a business, not a burden that hampers an organisation.