Firms failing on data sharing

Firms are acting to secure sensitive data, but third party risks remain

Over half of organisations are failing to manage the risks of sharing data with third parties, although many are now investing in securing the capture and storage of sensitive data, according to a new global survey by consultancy Ernst & Young.

The firm's Global Information Security survey of 1,200 public- and private-sector organisations in nearly 50 countries found that more than three-quarters cited privacy and data protection as a significant issue, with 52 percent addressing privacy and data protection with formal procedures.

"It's been an issue for years but it has been done in an ad-hoc way through point solutions," explained the firm's UK head of Technology and Security Risk Services, Richard Brown. "What's caused that is a combination of consumers being more savvy in that area, and organisations getting on top of segregation of duties and securing data."

He added that although many firms are now taking "a good solid risk management approach" to data security, it is becomingly increasingly important to have disaster-recovery processes underpinning that. But only half of respondents said they actually tested their plans while only 46 percent said they have communication strategies in place.

Another major finding of the survey was the lack of formal agreements with third-party suppliers for secure data-sharing in just over half of firms. Brown argued that this is because contracts are often set up without the input of the CIO, who should enforce compliance with corporate standards over data security.

Donald Massaro, chief executive of secure messaging specialist Sendmail, agreed that firms are now taking data security a lot more seriously, driven by compliance to new legislation and high-profile data breaches.

"It has reached a tipping point in the States and the Californian [data breach notification] law has put some teeth on it," he explained. "Also, losing intellectual property is a violation of Sarbanes Oxley; it's all high visibility stuff that has the attention of [C-level executives] and it's moving over into Europe."