Security: Compliance or Protection?

A new report by Forrester Research for Microsoft and RSA finds that even though intellectual property comprises 62% of a company’s data assets, security programs focus on compliance rather than on data protection. 

Key Findings:

  • Secrets comprise two-thirds of the value of firms’ information portfolios
  • Compliance, not security, drives security budgets
  • Firms focus on preventing accidents, but theft is where the money is
  • The more valuable a firm’s information, the more incidents it will have
  • CISOs do not know how effective their security controls actually are

 According to Forrester, corporate security programs are typically divided into two main categories of data types to protect:  

  • Secrets  (product plans, budgets, earnings forecasts, and trade secrets)
  • Custodial Data  (customer, employee,  medical, and payment card information)