The findings of Code42’s 2016 Datastrophe Study have been published. This data protection study surveyed 400 IT decision makers, and more than 1,500 UK-based knowledge workers between the ages of 16-55+, all of whom work in enterprise-size organizations.
Today’s organizations are porous; data is no longer safely tucked away inside the traditional enterprise security perimeter. According to new research by Code42, chief information officers (CIOs), chief information security officers (CISOs) and IT decision makers (ITDMs) believe that as much as 45 percent of all their corporate data is held on endpoint devices. The serious implications and risks of this are understood at the top of the IT organization: with 88 percent of CIOs/CISOs and 83 percent of ITDMs stating that losing this data would be seriously disruptive or even business destroying. But, awareness of data risk is also felt on the shop floor, with 47 percent of knowledge workers agreeing that the risks of corporate data loss would pose a threat to business continuity. Yet, despite this understanding, 30 percent of ITDMs admit that they do not have, or do not know if they have, an endpoint data protection (backup) strategy or solution in place.
Data protection is fundamental to the smooth and successful running of enterprise businesses today. It is also integral to mitigating reputational risk. 89 percent of CIOs/CISOs and 80 percent of ITDMs say that their ability to protect corporate and customer data is vital or very important to their company’s brand and reputation: a sentiment that 74 percent of knowledge workers agree with. But, even when considering the growing threat landscape, more than a quarter (28 percent) of ITDMs suggest that they do not do enough, or are not sure that they do enough to protect corporate data. This will be of great concern to knowledge workers, of whom at least one-third (36 percent) believe the business they work for may be at risk of a data breach (that could go public) in the next year.
“What's clear from the 2016 Datastrophe Study is that more needs to be done to protect the enterprise. CISOs need to stop being the custodians of security and start taking the position of service providers and consultants to the business. While decisions around IT projects should be driven by the business, lines of business managers should be working closely with their CISOs to ensure projects measure up to the rigours of modern enterprise security. It's no longer enough for the general IT team to give advice—often based on what they 'can' or want to provide—on information and data security,” comments Phil Cracknell, founding member at ClubCISO, who reviewed the study’s findings.
Uncertainty around data protection strategies is no longer an option, especially when you consider the rapidly changing data protection policy landscape and pre-existing trust issues. 69 percent of ITDMs suggest that the upcoming EU General Data Protection Regulation (GDPR) will affect the way they purchase and/or provision data protection and security tools/solutions. In fact, 76 percent suggest they will be putting in additional security measures in place. Yet, 18 percent are waiting for everything to be finalised before making changes. This will not be welcome news to at least a quarter of knowledge workers (25 percent), who say they currently do not trust their IT teams or companies with their personal data.
Now is definitely the time for change, and it is starting to happen. 69 percent of ITDMs say they should be doing their best to provision data security that matches end-user expectations and working patterns. And a further 54 percent of knowledge workers and 38 percent of ITDMs believe there should be more investment into endpoint data protection in their organizations.
“Today, in large part due to the onset of flexible working and increased mobility of knowledge workers, the majority of the data we carry is at the endpoint. This newfound mobility of data, combined with a rapidly evolving threat landscape is causing enterprise IT security — which traditionally relied on locking data away safely in the data centre / center — to go through a dramatic transformation. IT and information security teams need to find powerful new solutions that will keep data safe — wherever it might be. The time for change in the enterprise is now — from the C-suite to the knowledge worker,” concludes Rick Orloff, CSO at Code42.
About the 2016 Datastrophe Study
The IT decision maker portion of the research for this report was conducted by RedShift, an independent research consultancy based in London. 400 IT decision makers, including CISOs and CIOs within companies of 500+ people, who have decision-making power where budgets are concerned, completed an online study during November 2015.
At the same time, the knowledge worker — end users who are in full-time employment with access to technology as part of their day-to-day jobs —study was conducted by CensusWide, another independent research consultancy based in London. 1,500 knowledge workers, including CEOs, directors, team leaders and employees, completed an online study during November 2015.
More details.