Varonis Report Identifies Widespread Shortcomings of Organizational Data Security Despite Increased Pressure of Regulations

Varonis reports that even after GDPR, businesses are still failing to effectively protect sensitive data. The report investigated Data Risk Assessments performed in over 30 countries, across over 30 industries. GDPR has been in full effect for over a year, but many organizations are still struggling to comply when it comes to adequately protecting sensitive data. The Varonis report highlights that 53% of companies found over 1,000 sensitive files accessible to all employees, and 22% of folders were open to every employee. On top of that, over 58% of organizations found over 1,000 stale user accounts, and on average 53% of data was stale across the organizations studied. In fact, 71% of organizations found over 5,000 stale, sensitive files.

Our Take

Organizations need to take a strict approach to data privacy. Based on the findings of the report, it is evident that many organizations need to implement more appropriate measures to limit internal access to sensitive and regulated data. Audits and reviews of servers to assess whether their access groups are still relevant are a must-do for any organization aiming to be compliant with regulations like GDPR or CCPA.

The prevalence of stale data is concerning. By keeping sensitive files past their mandatory retention period, organizations are introducing additional unnecessary risk. To address this, organizations are encouraged to implement Privacy by Design practices by minimizing the amount of sensitive data that is collected, accessible, and retained. Once it is no longer needed, stale data should be archived or deleted.

Organizations must not only focus on keeping attackers out, but also focus on securing data internally. Preventative controls, such as encryption, can work in tandem with stricter access controls to help organizations reach compliance with new and existing privacy regulations.
