There’s this new term being bandied about in corporate circles these days called “knowledge assets,” which means “confidential information” critical to a company's core business operations other than personal information.
Such “knowledge assets” include things like: trade secrets; information regarding product design, development or pricing; non-public information about a company's internal structure, plans or relationships; and “crucial” customer information, which in trucking’s case can mean everything from billing numbers to data regarding specific cargoes.
According to Jon Neiditz, co-leader of Kilpatrick’s privacy and data governance practice, this survey aimed to determine the extent of the risk and organizational effectiveness in safeguarding such critical data, to assess whether the widespread publicity accorded data breaches subject to notification laws and related regulatory requirements has skewed organizations away from a focus on theft or loss of their most critical information, and to compile and provide helpful practices.
The two firms polled 600 corporate executives involved in data management and discovered some worrisome trends:
- Theft is rampant. 74% of respondents say it is likely that their company failed to detect a data breach involving the loss or theft of knowledge assets, and 60% state it is likely one or more pieces of their company's knowledge assets are now in the hands of a competitor.
- Companies don't know what they need to protect, or how to protect it. Only 31% of respondents say their company has a classification system that segments information assets based on value or priority to the organization. Merely 28% rate the ability of their companies to mitigate the loss or theft of knowledge assets by insiders and external attackers as effective. The great majority who rate their programs as not effective cite as the primary reasons a lack of in-house expertise (67%), lack of clear leadership (59%), and lack of collaboration between different job functions (56%).
- Executives aren't focused on this issue and its resolution. A data breach involving knowledge assets would impact a company's ability to continue as a going concern according to 59% of respondents, but 53% replied that senior management is more concerned about a data breach involving credit card information or Social Security numbers than the leakage of knowledge assets. Only 32% of respondents say their companies' senior management understands the risk caused by unprotected knowledge assets, and 69% believe that senior management does not make the protection of knowledge assets a priority.
- Boards of directors are just as clueless. The survey found boards of directors are often even more in the dark. Merely 23% of respondents say the board is made aware of all breaches involving the loss or theft of knowledge assets, and only 37% state that the board requires assurances that knowledge assets are managed and safeguarded appropriately.
- The costs of data breaches are high and they may not be covered. The average cost to remediate attacks against knowledge assets in the past 12 months was $5.4 million, with nearly seven out of 10 respondents saying that the maximum cost estimates for such attacks would exceed $100 million and almost five out of 10 assessing the cost at more than $250 million. On average, only 35% of the losses resulting from the theft of knowledge assets are believed by respondents to be covered by their company's current insurance.
- Careless employees and unchecked cloud providers are key risk areas. The most likely root cause of a data breach involving knowledge assets is the careless employee, but employee access to knowledge assets is often not adequately controlled: 50% of respondents replied that both privileged and ordinary users have access to the company's knowledge assets. Likewise, 63% of respondents state that their company stores knowledge assets in the cloud, but only 33% say their companies carefully vet the cloud providers storing those assets.
"Companies face a serious challenge in the protection of their knowledge assets. The good news is there are steps to take to reduce the risk," noted Dr. Larry Ponemon, chairman and founder of the Ponemon Institute.
"First of all, understand the knowledge assets critical to your company and ensure they are secured,” he said. “Make sure the protection of knowledge assets, especially when sharing with third parties, is an integral part of your security strategy, including incident response plans. To address the employee negligence problem, ensure training programs specifically address employee negligence when handling sensitive and high value data."
Something to keep in mind as the trucking industry – and indeed the logistics and supply chain world as a whole – continues to “digitize” at a rapid pace.