Complacent senior executives value personal data above work data
NTT Com Security Risk:Value report reveals four personas based on the value placed on corporate data and amount of IT budget spent on security
London, UK; December 10 2014 – A report from global information security and risk management company, NTT Com Security, reveals that there are four distinct groups of organisation when it comes to measuring how much value senior executives place on their company’s data and how well that data is secured. The groups – Enlightened, Informed, Passive and Complacent – are part of the company’s new Risk:Value report, a survey of 800 senior executives (not in IT) across eight countries.
Created by analysing responses to two critical questions in the research – how important various types of data are to the organisation, and knowledge of the proportion of IT budget spent on data security – the report shows that most (82%) respondents understand the importance of their data. However, levels of knowledge about that data, and the extent to which they are willing to commit IT budget to securing it, vary widely among senior business decision makers.
Complacent respondents – the lowest of the four groups – do not see data as being important to their organisation and are most likely to value personal data above work data – 33% (personal) vs. 18% (work). Respondents in the most proactive group, the Enlightened, however, are more likely to work in organisations that protect their information and place more value on work data than personal information, with a third (33%) valuing work data over personal data and just 16% seeing personal data as more important.
Outlining each of the groups in detail, the report entitled Risk:Value – Do senior executives understand their role in data security?, reveals that:
- Enlightened organisations are prepared to commit at least 10% of IT budget to securing their data and are the most likely to have completely secured all of their critical data (62%).
- Informed decision makers are more likely to be implementing data policies, with 29% reporting that they are in the process of implementing a formal data security policy and more than a quarter (26%) currently implementing disaster recovery plans.
- Passive respondents value data but do not protect it. They are most likely to admit they do not know how much of their IT budget is spent on data security, while nearly all (93%) do not know what the financial impact would be of a data security breach.
- The Complacent group typically does not know how much budget is spent or admits only a small proportion is set aside to secure data. It is also the least likely to have a recovery plan in place in the event of a security breach (just 24%).
Simon Church, CEO, NTT Com Security, comments: “This sliding scale of organisations gives a good indication of how well respected a company’s data is by the way senior people look at it and how much they know about how well it’s protected. What’s worrying, however, is that Enlightened respondents, who are clearly the strongest of the four groups, represent 35% of senior executives, which is still a minority, while the weaker Passive and Complacent groups together represent 31%, yet show an inability, or unwillingness, to protect their data sufficiently.”
Church believes both organisations and the information security industry need to work harder, and in collaboration, to tackle this complacency: “It’s clear that organisational culture needs to change. It’s easy to think that as an industry we’re doing a good job at raising awareness of security threats just because of the headlines, but clearly it’s not enough any more to motivate organisations into action. We have to reinforce the fact that security is everyone’s problem and everyone’s responsibility and to move organisations along the Risk:Value scale from Complacent to Enlightened.”
Persona groups and key characteristics:
Percentage breakdowns for the four persona groups (based on 800 respondents in Australia, France, Germany, Hong Kong, Norway, Sweden, UK and US):
- Enlightened = 35%
- Informed = 34%
- Passive = 13%
- Complacent = 18%
The Enlightened – Enlightened respondents understand the value that data has to their organisation. They classify at least five, if not all six, types of data (consumer customer, business customer, employee, business performance, intellectual property and R&D) as important to the success of their business. They also work in organisations that commit at least 10% of their IT budget to data security, which shows they also recognise that data security is an important aspect of their business.
The Informed – Informed respondents also understand the value that data has to their organisation. As with the Enlightened respondents, they classify at least five, if not all six, types of data as important to the success of their business. However, the organisations that Informed respondents work in commit no more than 10% of their IT budget to data security, and usually less. This shows that these senior executives are likely to understand the value of data, but that their organisations are not prepared to commit significant resources to supporting data security.
The Passive – Similar to the first two persona groups, Passive respondents understand the value that data has to their organisation, but are unaware of the proportion of the IT budget that their organisation commits to data security. This group is therefore not aware of the details of how important data is considered to be by their organisation.
The Complacent – In contrast to the other three persona groups, these respondents do not appreciate the importance that much of their data has to their organisation. They are also usually either unaware of the amount of IT budget that their organisation commits to data security, or are aware that their organisation only commits a small amount of their IT budget to it.
Join the discussion on Twitter: #riskvaluereport and follow NTT Com Security at @NTTComSec_UK
NTT Com Security commissioned market research company Vanson Bourne to undertake an extensive survey of 800 senior business decision makers (not in an IT role) in Australia, France, Germany, Hong Kong, Norway, Sweden, UK and US (100 respondents in each country) in Sept 2014. Forty-five per cent of organisations had between 1001 and 5000 employees and 28% had more than 5000 employees. The majority (67%) had a global revenue of between $100 million and $10 billion, and 18% had global revenue of $10 billion+ per annum. Sectors included manufacturing, retail, banking/financial services, transport, healthcare, utilities, telecoms, oil & gas and government.
About NTT Com Security
NTT Com Security (formerly Integralis) is a global information security and risk management organisation, which delivers a portfolio of managed security, business infrastructure, consulting and technology integration services through its WideAngle brand. NTT Com Security helps organizations lower their IT costs and increase the depth of IT security protection, risk management, compliance and service availability. NTT Com Security AG is headquartered in Ismaning, Germany, and is part of the NTT Communications Group, owned by NTT (Nippon Telegraph and Telephone Corporation), one of the largest telecommunications companies in the world. Visit http://www.nttcomsecurity.com