Enlightened, Informed, Passive and Complacent are the four distinct personas of organisations when it comes to valuing and securing corporate data.

800 senior executives across eight countries were surveyed by NTT Com Security, with the findings forming the company’s latest Risk:Value report.

The report found that the majority of respondents (82%) understood the importance of data, but issues with knowledge and IT budget varied widely among said respondents.

The lowest of the four groups, Complacent respondents, did not see data as being important to their organisation and are most likely to value personal data above work data – 33% (personal) vs. 18% (work).

Those who were categorised as Complacent also did not know how much budget is spent, or admitted that very little was spent on securing data. They were also the least likely to have a recovery plan in place in the event of a security breach (just 24%).

This was in contrast to the most proactive group, the Enlightened, with 33% valuing work data over personal data and just 16%seeing personal data as more important. Enlightened respondents were also prepared to spend at least 10% of IT budget on security, with 62% having completely secured all of their critical data.

Just below the Enlightened was the Informed, who were most likely to be implementing data policies, with 29% reporting that they are in the process of implementing a formal data security policy and more than a quarter (26%) currently implementing disaster recovery plans.

Just above the Complacent was the Passive respondents, a group who were most likely to admit they do not know how much of their IT budget is spent on data security, while nearly all (93%) do not know what the financial impact would be of a data security breach.

Simon Church, CEO, NTT Com Security, comments: "This sliding scale of organisations gives a good indication of how well respected a company’s data is by the way senior people look at it and how much they know about how well it’s protected."

"What’s worrying, however, is that Enlightened respondents, who are clearly the strongest of the four groups, represent 35% of senior executives, which is still a minority, while the weaker Passive and Complacent groups together represent 31%, yet show an inability, or unwillingness, to protect their data sufficiently."

Church believes both organisations and the information security industry need to work harder, and in collaboration, to tackle this complacency: "It’s clear that organisational culture needs to change."

"It’s easy to think that as an industry we’re doing a good job at raising awareness of security threats just because of the headlines, but clearly it’s not enough any more to motivate organisations into action."

"We have to reinforce the fact that security is everyone’s problem and everyone’s responsibility and to move organisations along the Risk:Value scale from Complacent to Enlightened."