Trustwave's 2024 Retail Report Series Highlights Alarming E-Commerce Threats and Growing Fraud Against Retailers. Learn More

Trustwave's 2024 Retail Report Series Highlights Alarming E-Commerce Threats and Growing Fraud Against Retailers. Learn More

Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
News Releases

New Trustwave Study Finds Major Variances in How Different Countries and Industry Sectors Value Their Critical Data

U.S. security professionals value their personally identifiable information more than twice as much as their U.K. counterparts

CHICAGO - December 14, 2017- Trustwave today released the "Value of Data Report," a sponsored research report conducted by industry analyst firm Quocirca. This global study includes a survey of 500 information technology (IT) decision makers in the United States, Canada, United Kingdom, Australia and Japan, examining attitudes towards the value of confidential data including: personally identifiable information (PII), payment card data, intellectual property (IP) and email. It reveals significant differences in both the level of vigilance applied to assessing and mitigating the level of risk, as well as the relative value attached by different verticals, countries, and stakeholders to various types of data.

Key highlights from the Value of Data Report from Trustwave include:

  • U.S. professionals value their PII data more than twice as much as their U.K. counterparts: The average per capita value (PCV) of PII in the U.S. is $1,820 versus $843 in the U.K. and $1,025, $1,186 and $1,040 respectively in Canada, Australia and Japan.
  • Different levels of importance are placed on different data types such as PII, IP, payment card data and email:  PII (47.4%) is given a higher priority than IP (27.6%), followed by payment card data (18.4%) and with corporate email (6.6%) coming last.
  • Dramatic differences exist between values placed on PII data by attackers, security professionals, insurers and regulators:  The mean per capita value (PCV) placed on a PII record by cybercriminals is $39 compared to $1,198 by IT professionals, $3,211 for insurers and $8,118 for regulators.
  • "Data risk vigilance" (DRV), a measure of efforts to protect data, is highest among Canadian firms and lowest amongst Australian businesses with the U.K. in the middle: The study assessed the measures organizations put in place to care for their data according to ten separate factors. Canadian and U.S. companies earned the highest DRV and were therefore more data risk vigilant, followed by the U.K., then Japan and Australia. Financial companies and IT/Communications companies were the highest scoring verticals and hospitality and retail the lowest scoring. 
  • Industry sector influences the type of data that is given highest priority: Healthcare and hospitality sectors prioritize PII data with an average score of 3.5 and 3.4 out of 4, while industrial and IT/Communications companies rank IP as most important at 3.0 and 2.9 out of 4.
  • Shareholder data and patient data are the most valuable data types: Shareholder data is most highly valued by IT professionals at more than $1,700 per record, followed by patient records with a mean value of more than $1,500 and consumer data at just more than $1,000 per record - lowest ranked are contractors at just less than $600 per record.  
  • Patient data is the most rigorously risk assessed: Nearly 80% of organizations seeing patients as their prime data subject said they had carried out a comprehensive risk assessment, more than for any other data subject. In the U.K., where healthcare is largely controlled by the government through the National Health Service (NHS), this rose to 90% and in the U.S., where regulation is tight through Health Insurance Portability and Accountability Act (HIPAA), to 85%. 
  • Certain types of PII are much less assessed in terms of risk: Contractors' and suppliers' individual PII data is less rigorously assessed than other types of PII, such as patient data. Forty five percent of companies holding contractors' private data and 42% holding suppliers' data failed to conduct comprehensive risk assessments of the data.
  • Corporate security and risk professionals massively over-estimate the value of PII data for sale on the black market: Overall criminal resale values for PII on the black market are less than 5% of the value that enterprise security professionals estimate them to be worth. For a payment card record, security managers over-estimate by 60 times the actual criminal values of data for sale on the black market. For a single banking record, it is 2,000 times.

Trustwave Vice President of Security Research Ziv Mador said, "Today, data is one of the most valuable commodities possessed by any business. Whether that data belongs to the organization itself, its employees, suppliers or customers, it has a duty to protect that data to best of its ability. Companies that fail to accurately value their data are unlikely to make the right decisions regarding the level of cyber security investments to protect that data and are those most likely to fall short of regulations, such as the upcoming European Union General Data Protection Regulation (GDPR) coming into effect in 2018. Businesses should look to the managed security services business model so that they have the confidence that full data risk vigilance is applied to all types of confidential and valuable data by specialists in the industry."

Bob Tarzey, senior security analyst at Quocirca and principal author of the study said, "Data is transforming businesses in the early 21st century in the same way electricity did at the start of the 20th. For nearly all businesses their PII and IP are essential assets that are enticing targets for criminals, those storing payment card data are the most tempting target. Data subjects, are becoming more aware of the value their data has to the businesses they deal with and are less forgiving when things go wrong. However, even as one data breach is eclipsed by another in the eye of the press, the regulators will continue to investigate the most serious as they are invested with more powers and the clout to issue ever greater fines."

About Trustwave

Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit https://www.trustwave.com.

###

All trademarks used herein remain the property of their respective owners. Their use does not indicate or imply a relationship between Trustwave and the owners of such trademarks.

Latest News Releases

Trustwave's 2024 Retail Report Series Highlights Alarming E-Commerce Threats and Growing Fraud Against Retailers

Chicago – October 29, 2024 – Trustwave, a leading cybersecurity and managed security services provider, today released a series of reports detailing the threats facing the retail sector, marking the...

Read More

Trustwave Ranks in Top 10 on MSSP Alert’s Top 250 List for Eighth Consecutive Year

Chicago – October 24, 2024 – Trustwave has again been named a Top 10 MSSP by the industry publication MSSP Alert, a CyberRisk Alliance resource, in its 2024 Top 250 MSSPs List, placing 10th this year.

Read More

Trustwave Expands Partnership with Dicker Data to Deliver Full Range of Managed Security Services in Australia

Trustwave, a global leader in cybersecurity and managed security services, has announced an expanded partnership with Dicker Data, Australia’s premier IT distributor, which has long been a Trustwave...

Read More