Nearly three-quarters of firms believe that they have adequate policies in place to protect sensitive, personal information, but more than half have lost sensitive data within the past two years and nearly 60% of those organisations acknowledge data loss as a recurring problem, according to findings of a global study released by Accenture.
The study, based on a survey of more than 5,500 business leaders and 15,500 adult consumers in 19 countries, found that 58% of business respondents have experienced at least one data security breach over the past two years, yet 73% said their organisation has adequate policies to protect the personally identifiable information it maintains.
According to the study, 70% agreed that organisations have an obligation to take reasonable steps to secure consumers’ personal information. 45% of respondents were unsure about or actively disagreed with granting customers the right to control the type of information that is collected about them, while 47% were unsure about or disagreed with customers having a right to control how this information is used.
Accenture said that nearly half also did not believe it was important or very important to limit the collection (47%) or sharing (46%) of sensitive personal customer information; protect consumer privacy rights (47%); prevent cross-border transfers of personal information to countries with inadequate privacy laws (47%); prevent cyber crimes against consumers (48%); or prevent data loss or theft (47%).
The study revealed that business or system failure (57%) and employee negligence or errors (48 %) were cited most often as the source of the breaches while cyber crime was cited as a cause of only 18 % of security breaches.
The firm said that 70% of respondents regularly monitor privacy and data protection regulatory compliance requirements, yet data breaches have occurred in 58 % of organisations polled.
Respondents in organisations that did not have a data-security breach were more likely to know where personal information on customers and employees resides within their organisation’s IT enterprise (75 % versus 66 %); and were more likely to feel an obligation to control who has access to personal data (72% versus 60%).
Alastair MacWillson, managing director of Security practice at Accenture, said: “Our study underscores the importance of taking a comprehensive approach to data privacy and protection, one that closes the gaps between business strategy, risk management, compliance reporting and IT security.”
