Microsoft Cyber Security Survey Finds Businesses’ Most Valuable Data at Risk

While many IT departments are spending significantly on compliance and protection from accidental leaks of “custodial data,” most are not investing enough in protecting their organizations’ most important secrets. That’s according to a new Forrester Consulting survey funded by Microsoft and RSA.

According to the researchers, who surveyed 305 IT security decision makers globally, two types of business data need to be secured. Those include “secrets that confer long-term competitive advantage, and custodial data assets that they are compelled to protect.”

To Forrester, secrets include information such as product plans, earnings forecasts, and trade secrets, while custodial data includes customer, medical, and payment card information that becomes “toxic” when stolen or exposed.

“Significant percentages of enterprise budgets (39 percent) are devoted to compliance-related data security programs … But secrets comprise 62 percent of the overall information portfolio’s total value while compliance-related custodial data comprises just 38 percent, a much smaller proportion,” an overview of the study said.

“This strongly suggests that investments are overweighed toward compliance,” the overview continued.

Refocusing corporate cyber security while maintaining compliance

In the report, Forrester, Microsoft (NASDAQ: MSFT) and RSA, the security division of EMC (NYSE: EMC), provided a set of recommendations to help IT security organizations rebalance their security priorities.

For instance, decision makers should identify which information is the most valuable. Additionally, they should assess the balance between protecting custodial data and secrets data.

Another smart move would be to “create a ‘risk register’ of data security risks [that] divides the risks your firm faces into two categories: compliance risks and misuse of secrets.”

“Further, IT security professionals should also evaluate third-party relationships, especially in cases where sharing of critical data is required,” the report said. “Consider data sharing strategies that don’t require third parties to store data on their devices, such as client virtualization.”

The survey, which was carried out in November and December, polled 163 U.S.-based companies and 102 European companies, as well as 40 based in Australia and New Zealand. The companies surveyed all employ more than 5,000 people, according to Forrester.

The findings represent the latest effort by Microsoft and RSA, both security software vendors. The two collaborated as recently as a year and a half ago on more closely integrating their data protection products.

Stuart J. Johnston is a contributing writer at, the news service of, the network for technology professionals.
