Data Loss Epidemic

Most UK companies are losing data every month a survey has found. The majority of UK businesses, 79 per cent, are losing data at least once per month, according to the survey of 250 senior IT staff at businesses larger than 1,000 staff.. Read the rest of the article here.

The results of such surveys are great marketing for companies such as CA with their portfolio of threat management tools. I suppose the question is how you define “losing data.” One record or a thousand records? Do you want to count every lost USB stick and mobile phone? Perhaps you should if they are likely to contain private data. Most of the problem is that we don’t know where all our data is. There’s no neat perimeter – it’s everywhere from in your pocket to the third party company that does your mailshots.

Personally I’d prefer to not play on scare stories and wild statistics. There’s a change of attitude required. We’re not going to solve data security problems with technology alone and it’s not simply an IT problem. It’s culture, training, awareness, and technology. We need people to start asking how to protect data rather than waiting to be told.

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Your post focuses on a specific series of findings published by in a more generalist, network-based research programme, so perhaps it does less than justice to our underlying security philosophy of education, education, education about the risks, and then following agreed policies. We certainly agree there has to be a change in mindset about data security. After all, technology can only automate the security processes that are in place. The biggest risks will always come from people in the workplace so it’s so necessary to keep educating people, over and over again, to make the difference. This is fundamental in all our work as the paper shows. Data security seems to be reaching a kind of tipping point with C-level and IT realising they are going to have to do something fundamental about security to reduce financial loss and prospect of fines. The example we’ve really got to follow is the airline industry which has reached its level of safety because it takes near misses so seriously. The IT industry (and others) needs to be much more open in discussing incidents and face the problems it’s facing, particular with the ‘people’ side of things. People aren’t machines - this education and motivation is fundamental. It would be good to discuss the ‘change of mindset’ issue in more detail. Mike Small