A new report from Chicago-based cloud services provider (CSP) Trustwave shows that most businesses are fully aware of their legal responsibilities in protecting sensitive data. Trustwave researchers, however, also pointed out that few businesses host security awareness tutorials and security planning meetings to keep their employees up to date about ongoing IT security issues.
Trustwave's "2014 State of Risk Report," released this month, revealed that 60 percent of businesses said they understand their legal responsibilities in safeguarding sensitive information, but 21 percent said they never perform security awareness training.
Also, 23 percent said they never hold security planning meetings, and 24 percent noted they do not have employees read and sign their businesses' information security policies.
Other report results included:
- 81 percent of businesses said they store and process financial data, 71 percent store intellectual property and 47 percent store payment card data.
- 45 percent said they have board- or senior-level managers who take only a partial role in security matters, and 9 percent do not partake at all.
- 33 percent said they have not completed a risk assessment to identify where their valuable data lives and what controls — if any — are in place to protect it.
"[Businesses] must look at security as a business-as-usual imperative," Michael Aminzade, Trustwave's vice president of global compliance and risk services, said in a prepared statement. "Understanding their risk level is the first step. By identifying their largest security shortfalls and rectifying them, businesses can stay ahead of the criminals and decrease their risk of getting breached."
The Trustwave report included responses from 476 information technology and security professionals worldwide.
Many businesses are prioritizing data protection
While some businesses are struggling with IT security issues, many others are prioritizing data protection.
A new survey from professional services company KPMG revealed the risk of intellectual property theft is the most significant challenge to doing business in the cloud, followed by data loss and privacy risk.
And as a result, many businesses are taking the necessary steps to secure their sensitive information, according to KPMG.
"While the challenge posed by cloud-related data loss and privacy threats is less pronounced in the minds of global industry leaders, they are still taking the issue seriously," Rick Wright, KPMG's principal and global cloud enablement leader, said in a prepared statement.
"The clear trend in the data that we have collected shows that, even in the face of significant media attention paid to recent data breaches, global leaders are still willing to embrace the transformative potential of the cloud," he said.