Cybersecurity is a top concern of all businesses today, and it’s important to train employees properly—but not many companies are prepared. Responding to the increasing cyber threat to organizations’ most vital confidential information—their “knowledge assets”—Kilpatrick Townsend & Stockton and Ponemon Institute released its findings from The Cybersecurity Risk to Knowledge Assets study.
This inaugural study kicks off an initiative to provide organizations with the tools they need to protect their most important assets in the information age.
Knowledge assets are confidential information critical to a company’s core business—other than personal information that would trigger notice requirements under the law—including trade secrets and corporate confidential information, such as product design, development, or pricing; other nonpublic information about the organization, its plans, or relationships; or other crucial customer information.
The survey was conducted to determine the extent of the risk and organizational effectiveness in safeguarding such data, to assess whether the widespread publicity accorded data breaches subject to notification laws and related regulatory requirements have skewed organizations away from a focus on theft or loss of their most critical information, and to compile and provide helpful practices.
More than 600 individuals familiar with their companies’ approach to managing knowledge assets and involved in the management process were surveyed.
How serious is the threat and how prepared are corporate entities?
- Theft is rampant. 74% of respondents say it is likely that their company failed to detect a data breach involving the loss or theft of knowledge assets, and 60% state it is likely one or more pieces of their company’s knowledge assets are now in the hands of a competitor.
- Companies don’t know what they need to protect, or how to protect it. Only 31% of respondents say their company has a classification system that segments information assets based on value or priority to the organization. Merely 28% rate the ability of their companies to mitigate the loss or theft of knowledge assets by insiders and external attackers as effective.
- The great majority who rate their programs as not effective cite as the primary reasons a lack of in-house expertise (67%), lack of clear leadership (59%), and lack of collaboration between different job functions (56%)
- Executives and boards aren’t focused on the issue and its resolution. A data breach involving knowledge assets would impact a company’s ability to continue as a going concern according to 59% of respondents, but 53% replied that senior management is more concerned about a data breach involving credit card information or Social Security numbers than the leakage of knowledge assets.
- Only 32% of respondents say their companies’ senior management understands the risk caused by unprotected knowledge assets, and 69% believe that senior management does not make the protection of knowledge assets a priority.
- The board of directors is often even more in the dark. Merely 23% of respondents say the board is made aware of all breaches involving the loss or theft of knowledge assets, and only 37% state that the board requires assurances that knowledge assets are managed and safeguarded appropriately.
In tomorrow’s Advisor, we’ll discuss more results of The Cybersecurity Risk to Knowledge Assets study, which shows that untrained employees can be a great threat to data.