90% of firms worry about ‘dark data’ risks

Nine in 10 organisations admit to concerns over “dangerous” quantities of unstructured and ‘dark data’, which could put them at risk of breaching regulation such as the General Data Protection Regulation (GDPR).

That is according to a new study of more than 100 chief information officers (CIOs) conducted by Crown Records Management, a data management firm, which found that two thirds of data across UK organisations is unstructured, leading to increased compliance risk from so-called ‘data oceans’.

The study found that 59 per cent of data across UK organisations is unstructured, while 40 per cent of data is ‘dark’ or unused. Of the CIOs interviewed for the research, more than half (51 per cent) said that unstructured data was a security risk for their organisation, while 49 per cent said it put them in danger of non-compliance.

Two in five (43 per cent) of CIOs said they were concerned about the potential risks of unstructured data storage, with this kind of data split evenly into paper files, data in in original electronic documents and data in scanned copies of documents.

The types of unstructured data they were most concerned about included data in written documents (90 per cent), emails (88 per cent), social media (85 per cent), handwritten documents and forms (85 per cent).

However, respondent said that unstructured data, if processed correctly, could be an asset for their business.

Overall, 64 per cent said they could improve operational efficiency and productivity by tapping into unstructured data more, with 34 per cent stating it could help to grow sales and 32 per cent suggesting customer loyalty could be improved if it were used correctly.

The study found that data was commonly stored in over 20 types of locations, with the most common being databases, the cloud and back-up systems.

For all used data, 29 per cent said it was held on laptop hard-drives, 22 per cent said email accounts and 21 per cent said filing cabinets. For all dark data, 19 per cent said it was held in people’s desks and drawers, 17 per cent said written notes and 12 per cent said employees’ homes were all storage locations.

Kevin Widdop, information security consultant at Crown Records Management, said: “Many organisations seem to be at risk of drowning in vast amounts of data that they are not aware of, and many are suffering from a wealth of data in which they don’t know what information it contains.

“It’s valid to hold unused data for compliance purposes such as the financial services industry keeping financial data for up to 25 years or forever in some cases, as per Financial Conduct Authority regulations.”

However, he added, this process becomes an issue when much of this data is held in unstructured formats and when sensitive data isn’t adequately protected, potentially resulting in breaches.

Related Articles