More than half of IT professionals believe their companies are still not entirely clear about current data security requirements or about the regulations imposed by laws such as Sarbanes-Oxley and HIPAA, according to new research on data security management.
The research, conducted by Protegrity, indicates that despite the emphasis these regulations place on data security, 41% of respondents said their companies are spending 10% or less of IT security budgets on data and database security. In addition, 87% of respondents believed that internal misuse of sensitive data was the biggest threat to their companies, based on current security solutions in place.
“This data demonstrates why we're seeing headlines about data thefts,” said Gordon Rapkin, CEO of Protegrity. “Many companies are confused about the requirements themselves. Others are overwhelmed by the prospect of putting together a cohesive strategy that encompasses the entire enterprise. And a few are still thinking 'it will never happen to us.' But to consumers and shareholders, no excuse is good enough when it comes to data security.”
Rapkin pointed out that despite the publicized data thefts occurring during the spring and early summer, the level of investment in securing sensitive data remains very low. In a poll conducted by Protegrity in March 2005, only 7% of respondents said their companies had actually made investments in data and database security.
“Public companies disclosing data thefts report revenue losses in the millions and even bigger losses in market capitalization,” said Rapkin. “It's unconscionable that these incidents continue to happen. Data must be secured at every step – from the moment the credit card is swiped until all records of the transaction have been deleted. Any organization in this chain is obligated to protect the credit card number and other private data. Consumers should never have to worry about the security of their personal data.”