Netwrix Survey: 27% of UK organisations discovered sensitive data outside of dedicated locations, even though 91% were sure it was stored securely
February 2020 by Netwrix
Netwrix announced the release of its 2020 Data Risk & Security Report, which gathered insights from 1,045 respondents worldwide, 102 of whom were from the UK. The study aimed to find out how organisations treat their sensitive and regulated data during each stage of its lifecycle to identify potential security gaps.
The survey showed that data storage is the most problematic stage for British organisations. Even though the vast majority of respondents (91%) were sure that their sensitive data was stored securely, every fourth organisation (27%) discovered it outside of designated secure locations in the past 12 months. The data was left overexposed for days (33%) or weeks (22%). Incidents involving misplaced data are a common trend worldwide. However, UK companies are more prone to them, especially compared to other European countries, where on average only 18% had similar incidents.
Other notable findings for the UK include:
• 45% of respondents that must comply with the GDPR are unsure whether their organisations gather more customer data than the law permits at the stage of data creation
• 14% of organisations experienced security incidents at the stage of data sharing; half of the incidents resulted in data compromise
• 15% of organisations have mistakenly deleted necessary, sensitive or regulated data over the past year at the stage of data disposal, which violates the GDPR requirement for a robust data retention programme (Article 25)
• 59% think it is difficult to get rid of redundant, old, and trivial data
• 72% of the UK respondents indicate that the need to deal with data subject access requests (DSAR) puts additional pressure on their IT teams; however, those respondents who have their data classified respond to a DSAR in 5 hours, while those who don’t spend three times longer
“Today, understaffed IT departments in the UK organisations experience significant pressure as they not only have to protect their organisations against cyber threats and respond to auditors’ requests, but also to manage DSAR requests. With such a workload, they struggle to ensure their sensitive data is equally protected at all stages of data lifecycle, and often fail. To address this challenge, the UK cyber security leaders need to obtain visibility into all internal processes and user activity that involve sensitive data. This will enable them to prioritise their efforts and mitigate security and compliance risks more efficiently,” said Matt Middleton-Leal, EMEA and APAC General Manager at Netwrix.