Almost 60% of organizations can’t track what happens to their information once it goes out in an email or through another communication channel, a survey by data security company Kiteworks finds.
That’s a risk management problem because data breaches are correlated with how information leaves an organization.
The more communication tools an organization uses — email, file sharing, managed file transfer, secure file transfer protocol, web forms, among others — the higher the risk of information ending up where it wasn’t intended, the survey finds.
“Respondents with over seven communication tools experienced 10-plus data breaches — 3.55x higher than the aggregate,” the survey report says.
The risk is particularly high for organizations in North America because they’re the biggest users of multiple types of communication channels.
“An astounding 80% in North America employs four or more tools,” the survey report says.
High risk means high costs. There are costs stemming from the breach itself — operational downtime, diminished productivity and lost revenue — but also regulatory penalties and legal costs.
For almost two-thirds of organizations, legal costs reach at least $2 million. The bigger the company, the higher the costs. The biggest companies — those with 30,000 or so employees — reported spending more than $7 million on legal matters after an incident.
The connection between the number of communication tools and the higher risk of breaches can be seen in data on the number of outside parties that are on the receiving end of these communications. Two-thirds of organizations typically exchange sensitive information with 1,000 or more third parties, creating a tracking problem.
“As organizations increasingly rely on digital communication and collaboration and their third-party ecosystems grow, the risks associated with data breaches continue to escalate,” Patrick Spencer, Kiteworks’ vice president of corporate marketing and research, said in the report.
The biggest companies are the most at risk. A third of those with about 30,000 employees typically exchange sensitive information with more than 5,000 outside recipients.
“Third-party risk has never been higher for organizations in all industries, and the necessity of exchanging sensitive content accentuates the threat,” the report says.
The survey findings are based on responses from almost 600 risk and IT professionals in countries around the world.
Source link