Data is everywhere. What constitutes sensitive data for organizations today has greatly expanded in type and format. In my latest report, The State Of Data Security, 2023, we reviewed and analyzed Forrester survey data to identify the key data security trends of the year. This includes diving into the causes of breaches, the types of data being compromised, post-breach effects and impact, how and where firms expect to enable data controls, and security decision-makers’ attitudes toward various approaches to data security for their cybersecurity programs and privacy compliance. Here are a few of the highlights:
- Breach concerns don’t match reality. When looking at the type of breaches that security decision-makers are concerned about versus the types of breaches that their organizations actually experience, our data shows that security leaders often underestimate lost or stolen assets as a cause. Such assets can include smartphones, tablets, laptops, external hard drives, and USB flash drives. By underappreciating the risk that lost or stolen assets can create, organizations are leaving themselves vulnerable today.
- Some differences exist in post-breach impact, depending on the type of data compromised. A common effect of a breach of personal data is manipulation of data. In a breach of corporate data, respondents are also more likely to see theft of data. One pattern repeats, regardless of whether the breach involves personal data or corporate data such as intellectual property: There are repercussions for cyber insurance. Regardless of the data type compromised, organizations are increasing post-breach spending on new technologies, especially new detection technologies. Those experiencing a breach of corporate data are also more likely to invest in new technologies for protection.
- Firms turn to multiple approaches for protecting data in cloud environments. We analyzed regional data regarding how organizations protect assets and environments in the cloud. Security decision-makers across regions are likely to turn to centralized cloud workload security management and cloud security gateways, among the top approaches. European enterprises, however, have a stronger likelihood of using cloud gateways or cloud access security brokers compared to North American or Asia Pacific enterprises. Meanwhile, there is a similar likelihood across regions to encrypt data before it moves to the cloud as a key approach for protecting data.
Check out the full report, The State of Data Security, 2023, for more details and for other trends in data security. Questions? Schedule an inquiry or guidance session with me to discuss these topics further.
[written with Danielle Chittem, research associate]