An Informatica-sponsored report reveals that, for 48% of IT practitioners in the UK, sensitive personal data contained in their company’s databases and applications has been compromised or stolen by a malicious insider. The majority (65%) also agree that they find it difficult to comply with privacy and data protection regulations in production and development environments.
Under the terms of the UK Data Protection Act, the Information Commissioner’s Office (ICO) took a tougher approach to handing out penalties for information breaches in the year up to June 30, 2012. Recent figures from the ICO reveal that it issued a record 68 warnings, up 48% from 46 during the previous year.
Yet, despite the risks of data breaches, the research from Informatica, which surveyed 532 senior IT and IT security practitioners (65% of whom work in organisations with a headcount of more than 1,000), reveals that organisations are still struggling to get a grip on their data. Widespread vulnerabilities, inadequate budgets, and difficulties complying with privacy and data protection regulations are proving the biggest challenges.
- 59% admit they are not confident that they would be able to detect the unintentional loss or theft of sensitive personal information contained in databases or applications in the production environment
- Nearly half (48%) of respondents say sensitive personal data contained in their company’s databases and applications has been compromised or stolen by a malicious insider
- 71% find it difficult to restrict user access to sensitive information in the IT and business environments
- However, only 25% of respondents say they have adequate budgets to invest in the necessary solutions to reduce the insider threat.
“Beyond the threat of hefty fines, UK organisations need to deal with the impact of data breaches on hard-won consumer trust,” said Adam Wilson, general manager, ILM, Informatica. “The risks are compounded by the differences in data privacy laws across countries in the EU as well as complexities of protecting data in the cloud. Informatica enables organisations to face these challenges by providing jurisdiction-aware data masking and masking for cloud applications such as Salesforce.com.”
In addition to the risk from internal staff and company processes, the research also highlights significant threats to data that is shared with third parties, including cloud providers. According to Gartner, cloud computing is forecast to grow 19% in 2012, a faster rate than overall IT spending. Yet an alarmingly high proportion of respondents surveyed claim their organisations are not adequately protecting sensitive corporate and customer data in the cloud.
- 67% say the security or privacy risk posed by cloud providers accessing confidential data is high or very high
- 60% agree that the inevitability of a data breach in the cloud is such that it is likely to have happened already or will happen in the future
- 51% say their organisations believe it is important to anonymise, mask, suppress or encrypt information when transferring to third parties, including cloud providers
- 69% say their organisation is not able to detect the loss or theft of personal information operated by third parties, including cloud providers.