IT security professionals continue to be hard-pressed to stay ahead of malicious hackers, but at least they’re growing more aware of the risks to their companies’ knowledge assets.
A large majority of them acknowledge it’s likely that high-value assets of their companies have been breached. Eighty-two percent of security practitioners said so in the second annual study on the topic by law firm Kilpatrick Townsend and the Ponemon Institute, conducted last December. That was up from 74% in the first study a year earlier.
Further, the proportion of respondents saying it’s likely that company knowledge assets are in the hands of a competitor rose to 65% from 60%.
Reported costs to recover from a breach rose sharply last year, to an average of $6.8 million, from $5.4 million in 2016.
According to the study, “knowledge assets” include profiles of high-value customers; information about product design, development, and pricing; pre-release financial reports; strategic plans; confidential information about existing relationships or contemplated transactions; source code; and research-and-development secrets.
Most respondents (84%) said the maximum loss their organizations could experience resulting from a material breach of knowledge assets exceeded $100 million, compared with 67% who said so in the prior study.
Companies are taking many actions that underscore their growing awareness of risks to knowledge assets.
For instance, boards of directors are increasingly requiring assurances that such assets are managed and safeguarded appropriately — 58% of survey participants said that’s the case at their company, up from 50% in the first study.
Also, 73% of respondents are focusing training and awareness programs on decreasing employee errors in the handling of sensitive and confidential information.
Further, there is greater recognition that third-party access to a company’s knowledge assets is a significant risk. More companies are requiring proof that third parties meet generally accepted security requirements (41% in the new study, compared with 31% a year earlier).
More companies, too, are aware that nation-state attackers are targeting corporate knowledge assets (61% of respondents, up from 50% in 2016).
Ponemon did a special analysis of 89 respondents who rated their organizations’ effectiveness at protecting knowledge assets as very high (a 9 or 10 rating on a 10-point scale). More than other organizations, these high-performing ones tend to: