Like a compulsive shopper who continually purchases items that will never be used, most businesses are collecting far more data on their customers than they can ever analyze—or even properly classify. And like that shopper who’s in danger of mounting credit card debt, businesses engaged in uncontrolled data gathering also face a costly risk that they may be in violation of new data privacy laws.
Two in three companies are unable to analyze all the consumer data they collect and only half know where all of their sensitive data is stored, according to a new survey of 1,050 IT decision makers and 10,500 consumers worldwide. Compounding the problem, more than two thirds of the organizations surveyed admit that they don’t carry out all the procedures mandated by data protection laws, such as the European Union’s stringent new General Data Protection Regulation (GDPR), which took effect in May.
Ironically, the study also found that despite nine out of 10 companies agreeing that analyzing their customer data gives them a competitive edge, in some countries such as Britain fewer than one in five are able to do so. Even in India, home to more companies that make use of their consumer data than any other country surveyed, only 55 percent of businesses actually do it. The research was conducted by Gemalto, an Amsterdam-based provider of digital security with $3.5 billion in revenue and customers in over 180 countries.
“If businesses can’t analyze all of the data they collect, they can’t understand the value of it—and that means they won’t know how to apply the appropriate security controls to that data,” says Jason Hart, Gemalto’s vice president and CTO for data protection. “Whether it’s selling it on the dark web [or] manipulating it for financial gain unsecured data is a goldmine for hackers. What’s more, data manipulation can take years to discover, and with data informing everything from business strategy to sales and product development, its value and integrity cannot be underestimated.”
There was little argument that corporate data is at risk. Among the IT professionals interviewed, nearly a third reported that their security had been breached within the past 12 months and that only 10 percent of the data that was compromised was protected by encryption. Two-thirds (68 percent)of the respondents believe that unauthorized users can access their corporate networks, and only half (48 percent) felt that their perimeter security could effectively keep intruders at bay. Even fewer (43 percent) thought that once their network was penetrated that their data would still remain secure.