4 out of 5 organizations don’t know where their sensitive data is located

The 2017 State of Cybersecurity Metrics Annual Report from Thycotic highlighted that 4 out of 5 organizations don’t know where their sensitive data is located, nor how to secure it.

The report was based on data from 400 organizations, with the majority coming from North America, ranging from small and medium-sized companies to large global enterprises. Europe, Russia, India, Central America, and South America were also represented within the report.

“It’s really astonishing to have the results come in and see just how many people are failing at measuring the effectiveness of their cybersecurity and performance against best practices,” said Joe Carson, chief security scientist at Thycotic. “This report needed to be conducted to bring to light the reality of what is truly taking place so that companies can remedy their errors and protect their businesses.”

Failures in cybersecurity planning metrics

The report highlighted: “80 percent of companies fail to discover and track sensitive data, nor do they determine where their critical data gets duplicated, and where it moves across their networks.”

This is an alarming finding, especially since organizations have less than ten months to prepare for the EU General Data Protection Regulation (GDPR). The GDPR will harmonize data protection in the EU and will apply to all organizations that process EU residents’ sensitive data, including organizations outside the EU.

Under the GDPR, organizations need to gain clarity on their sensitive data processing and will need to identify:

  • What sensitive data is held across the organization;
  • What permissions have been obtained for that data;
  • What processes and systems are in place for handling sensitive data;
  • Where sensitive data is transferred outside the organization; and
  • How sensitive data is secured throughout its lifecycle.

ISO 27001 certification demonstrates your data is adequately protected

ISO 27001 is an international standard that states best practice for an information security management system (ISMS). An ISMS is a system of processes, documents, technology, and people that help to manage, monitor, audit, and improve your organization’s information security practices.

Achieving ISO 27001 certification means your organization will be able to implement adequate and effective security measures, based on the outcomes of a formal risk assessment, to comply with the GDPR.

Implementing an ISO 27001-compliant ISMS is not only information security best practice but also integral to demonstrate data protection compliance.

Accelerate your route to ISO 27001 certification

Accelerate No. 3 Comprehensive ISO 27001 ISMS Toolkityour route to ISO 27001 compliance with documentation templates and guidance from industry experts in our ISO 27001 Cybersecurity Documentation Toolkit.

Designed and developed by expert ISO 27001 practitioners, and enhanced by ten years of customer feedback and continual improvement, this toolkit provides all the documents you need for an ISMS that complies with ISO 27001.

The No. 3 Comprehensive ISO 27001 ISMS Toolkit is a resource to see you through the entire implementation cycle. It includes the ISO 27001 Cybersecurity Documentation Toolkit, risk assessment software, industry-leading implementation guidance, and the family of ISO 27000 standards.

Get started with your ISO 27001 compliance project >>