Stored data presents unique challenges for enterprise security, and the survey is a first-of-its-kind study on the topic, according to the institute. Derived from a national sampling of nearly 500 experienced information security practitioners, the survey reveals a number of key findings, including:
- Eighty-one percent of companies surveyed reported the loss of one or more laptop computers containing sensitive information during the previous 12 months.
- Loss of confidential data, such as intellectual property, business documents, customer data and employee records, is a pervasive problem.
- PDAs and laptops ranked highest among storage devices posing the greatest risk for sensitive corporate data, followed by USB memory sticks, desktop systems and shared file servers.
- Sixty-four percent of companies surveyed reported never having conducted an inventory of sensitive consumer information. Sixty-four percent also reported never having inventoried employee data.
- When asked how long it would take to determine what actual sensitive data was on a lost or stolen laptop, desktop, file server or mobile device, the most frequent answer was "never" -- ranging from 24 percent for a file server to 62 percent for an employee's home computer.
- Eighty-one percent of respondents report that protecting sensitive "data at rest" is a priority this year, and 89 percent anticipate that it will be a priority next year.