€890bn annual cost of data puts focus on securing information

28 Jun 2012

Organisations are being urged to improve the security of their information, rather than focusing on devices or infrastructure, after a survey estimated the total annual cost of digital data at €890bn.

Symantec’s first ever State of Information Survey, which polled more than 4,500 organisations in 38 countries, claims the total size of data currently in storage is 2.2 Zettabytes, or 2.2bn Terabytes.

Organisations possess massive amounts of information, such as confidential customer data, intellectual property and financial transactions. According to Symantec, digital information can account for almost half of an organisation’s total value. However that doesn’t always correspond to the efforts being made to keep it safe.

The consequences of losing business information include loss of customers (cited by 49pc of respondents), brand damage (47pc), decreased revenues (41pc) and increased costs (39pc).

In the UK, the nearest market for which figures are available, 65pc of businesses lost important information last year, 76pc exposed confidential data and 32pc reported compliance failures. These statistics were broadly in line with the global findings.

What data is important?

In the report, the security software firm recommended that businesses should evaluate what data is important and protecting it appropriate to its risk.

Trends such as ‘bring your own device’ and cloud are also putting data beyond the four walls of a business office, so that organisations focus on protecting their information rather than the system it resides on.

Companies can also reduce unnecessary spending on data storage by eliminating duplicated data, Symantec said.

Mike Harris, a director with Deloitte, agreed that organisations are increasingly recognising the value of their information. “How they are assigning a monetary value to it is still an open question.”

Speaking at a roundtable briefing about the survey, Harris said many Irish businesses are getting better at matching the security controls to the level of data that they hold. However, he said the report’s figures on data loss underestimate the problem in Ireland. “I suspect that number is higher,” he said.

Harris outlined a paradox where organisations that improve their security controls uncover more examples of missing data, making them appear less secure when in fact they are taking steps to address the problem. This situation arises when organisations previously didn’t have a strong grasp of what information they have and where it was stored. “As security programmes mature in organisations, you tend to find more issues because they are better at identifying and managing issues that arise,” Harris said.

“You are going to have data losses: that’s a fact of life. It’s how you respond to them, clean them up and learn from them that’s the key.”

Gordon Smith was a contributor to Silicon Republic

editorial@siliconrepublic.com