"About 80 percent of Indian enterprises have agreed that loss or theft of critical data is a serious information security risk they face after threats from viruses and hackers," the survey, commissioned by security solutions provider Symantec India, said in its latest report.
Though enterprises have been sanguine on investing heavily in building their IT infrastructure for end-to-end efficient operations, adoption of technologies to prevent or detect data loss has been abysmally low due to lack of awareness or seriousness over the implications of the risk.
"The need to protect sensitive information like source code, intellectual property, employee and customer accounts has made enterprises realise that data loss can turn into a disaster in terms of competition, compliance and credibility," siad Symantec India managing director Vishal Dhupar .
The survey, conducted in August involving heads of IT infrastructure in verticals spanning banking and finance, manufacturing, media and entertainment, telecom, and IT and IT-enabled services, showed only 15 percent of Indian enterprises had any form of data loss prevention measures in place.
The awareness on the impact and consequence of data loss or how prevention technologies could safeguard them was only 32 percent among the 142 enterprises that responded to the survey. "In fact, 16 percent of the enterprises admitted to have lost data in the recent past for various reasons, including unaware users, malicious insiders and external threats from hackers and cyber-criminals," said Dhupar sharing the findings of the survey.
Keeping in view the criticality of data, large enterprises in verticals like banking, finance and insurance (BFSI) and IT/ITeS have been early adopters of data loss prevention technologies, as about 50 percent of the data is sensitive to their operations.
"But medium and small enterprises in diverse verticals have been lagging in adopting prevention measures due to difficulty in data classification, budgetary constraints and lack of priority or importance of protection," Dhupar averred. The survey also revealed how a majority of enterprises considered firewalls, log analysers, intrusion prevention and detection solutions as adequate to protect their data from being lost or stolen.
Among enterprises adopting data loss prevention technologies, over 80 percent of them opted for patch or silo based implementation, while 45 percent of non-users felt no need for such technology under the assumption that security solutions were enough to protect their data.
"High-risk sectors like BFSI have implemented technologies to prevent data loss, while 30 percent of enterprises in IT/ITeS, 18 percent in telecom and 12 percent in manufacturing have invested in protecting their sensitive data," Dhupar noted.
Even as data loss from desktops or personal computers remains a serious threat, increasing usage of laptops and smart phones by their mobile workforce poses a greater risk to enterprises.
According to a Gartner Consumer survey, sale of laptops is projected to grow by 37 percent in 2009 to 3.69 million units, constituting one-third of the total PC (personal computer) market, which is set to grow only by 13.7 percent to 1.1 million units.
"The increasing trend of mobile workforce poses a greater challenge to enterprises in protecting data stored in laptops or smart phones if they are lost, misplaced or stolen. Even unsuspecting employees can steal a company's data stored in laptops for gain or ulterior motive, resulting in loss of confidential, sensitive or proprietary information," Dhupar pointed out.
A study by the US-based Ponemon Institute, about 60 percent of employees who are either sacked or resign steal company data to leverage a new job. About 60 percent of employees who recently changed jobs reported taking confidential data from their previous employer. This included customer lists, employee records, non-financial information. The top three ways data is lost are through CDs,DVDs and USB drives.
According to global industry studies, data breach incidents in 2007 cost companies $197 per lost customer. The average total per-incident cost in 2007 was $6.3 million. The average cost of a data breach is $6.7 million per breach, or $202 per record.
