Experts On Demand

15.03.2011

Survey Time

New survey results provide insight into both improvements and shortfalls – and their associated business risk impacts – in current enterprise data protection and data governance practices.

Focal Points:

  • An InformationWeek Analytics survey of 420 business-technology professionals in North America found that most respondents were ahead of the curve in implementing new technologies in their backup practices. Predominantly, the respondents came from mid-market businesses, or companies with fewer than 500 employees. According to the survey, more than half of the respondents back up at least some of their server data to disk, and half use some form of data deduplication. Moreover, 36 percent of respondents said that they are very satisfied with their backup systems, and 44 percent reported that they were somewhat satisfied. Only six percent stated that they are somewhat or very dissatisfied with their backup systems. Additionally, results found that there are small differences between the technologies respondents are currently using for their backups and those that they plan to employ in the future. While 13 percent expect to add hardware deduplication, the same percentage plans to start using software deduplication. Meanwhile, only six percent reported that they will stop backing up directly to tape. Finally, the survey found that five percent of respondents plan to increase their use of snapshots and 14 percent expect to increase their use of cloud backup.
  • The latest Ponemon Institute's "Annual Study: U.S. Costs of a Data Breach" found that data breach victims often move too quickly, wasting money and losing customers unnecessarily. The study, sponsored by Symantec Corp., showed that the cost of a data breach rose for the fifth straight year to an average $7.2 million per incident, or $214 for every compromised customer record. Companies that respond to data breaches by immediately notifying their users end up spending 54 percent more per record than companies that move more slowly, according to the findings. 43 percent of respondents notified customers within one month of discovering the breach, and incurred per record costs of $268, up 22 percent from 2009. Companies that took longer than a month spent only $174 per record, down 11 percent from 2009, the study added.  According to Ponemon, the biggest cost of data breaches is customer churn. Companies that spend the time to detect which customers are actually at risk and require notification ultimately spend less. The study also found that malicious or criminal attacks are the most expensive, and are on the rise. In 2010, 31 percent of all cases involved a malicious or criminal act, up seven points from 2009, and averaged $318 per record, up 43 percent from 2009. Finally, the study also found that detection and escalation costs went up by 72 percent. This suggests that companies are investing more resources in data breach prevention and detection.
  • A survey conducted by The Information Difference Ltd. and the Data Governance Institute found that data governance has increased dramatically over the last year. Respondents were from 134 organizations and hailed from a wide range of industries. According to the findings, 57 percent of respondents consider their data governance programs to be partly successful. Costs for setting up the programs varied by organization size; although the mean cost was $3.5 million with ongoing annual costs of $1.2 million, the survey added. Disappointingly, only 11 percent of companies reported trying to measure the monetary benefits of their programs, and only 54 percent said that they make an attempt to measure the cost of poor data quality. Meanwhile, the survey also found that 58 percent of respondents admit to not having an effective register of business risks, including 68 percent in the banking sector, and only 16 percent have a fully effective process. Another interesting finding from the survey is that respondents said that there is little technology to support data governance. Overall, 72 percent have deployed no specific technology to help with the process, while six percent reported developing their own tools.  

Experton Group believes company executives in the main have not yet done a sufficient business operational risk management analysis to ensure their firms are adequately protected from major catastrophes. It seems most corporate executives have not learned the lessons from the 2008 financial meltdown or any of the subsequent crises since then. While the InformationWeek study found more than half of the mid-market companies take action every week to protect their data, it also found 20 percent of the firms take no actions whatsoever. This is a disaster waiting to happen. Meanwhile, the Ponemon study shows that most business executives do not have well thought out plans for addressing breaches but instead use the buckshot approach. IT executives should work with business executives to build better breach and crisis management plans and processes so that risks are better minimized. Lastly, it is disappointing to see that data governance groups are not able to demonstrate the business value of their programs. Data governance initiatives should not be left to being a "feel good" exercise but should be able to demonstrate ongoing value in terms of executive decision-making and risk management. IT executives should work with business and financial executives to establish the value proposition and demonstrate the cost/benefits of the each data governance undertaking.

<- Back to: Pressemeldungen

Press

Experton Group is the leading fully integrated research, advisory and consulting company for mid-sized and large organizations, maximizing the business value of their ICT investments through innovative, neutral and independent expert advice.

Experton Group offers consulting services, market surveys, conferences, seminars and publications related to information and communications technology issues.

Our consulting portfolio includes technology, business processes, management and business co operations, investments and mergers.