Eighty-one percent of companies have lost one or more laptops containing sensitive information this year, according to a new survey of 500 information security professionals.
The result has been a loss of confidential data including intellectual property, business documents, customer data and employee records, according to the Ponemon Institute.
One of the main reasons corporate data security breaches occur is because companies don't know where their sensitive or confidential business information resides within the network or enterprise systems, Larry Ponemon, chairman of the Ponemon Institute, said. "This lack of knowledge, coupled with insufficient controls over data stores, can pose a serious threat for both business and governmental organisations," Ponemon said. "Moreover, the danger doesn't stop at the network, but includes employees' and contractors' laptop computers and other portable storage devices."
The study also found that handheld devices and laptops pose the greatest risk for sensitive corporate data, followed by memory sticks, desktops and shared file servers; 64 percent of companies have never conducted an inventory of sensitive consumer information; and the same number have never taken an inventory of employee data. Asked how long would it take to determine what actual sensitive data was on a lost device, the most frequent answer was, startingly, "never", according to the survey.
"Corporations are clearly struggling with the challenges of identifying and protecting sensitive data, as well as developing successful strategies for securing confidential information stored among the myriad devices that make up today's data networks," said Ponemon. "Our findings point to the shockingly high risk to both business and consumers of undiscovered confidential data, but we believe that the data also serve as a compass to help point organisations toward effective solutions to this vexing problem."