More Than Half of Execs Say They Can’t Identify Sensitive Data Leakage

Reports of data security breaches have reached all-time highs, with the rise in data incidents mapping directly to efforts within enterprises to scale up their customer touchpoints and personal information collection. Unfortunately, according to a recent Ensighten survey of 200 marketing, security, IT and corporate executives, today’s executives still don’t feel prepared when it comes to shoring up their organizations’ breach vulnerabilities.

Across multiple portions of our survey, which set out to gauge data security preparedness among U.S. and global enterprises, an all-too-common theme emerged when it comes to client-side website security: Awareness of the risks is high, but adequate protections have yet to be put into place, with more than a third of executives saying they lack the needed budgets to secure their client data. Perhaps even more alarmingly, a majority of executives confessed that their organizations would be unable to detect a data breach or leakage if it did occur.

Aware but Ill-Prepared

Whenever a company has a third-party technology on its site that it does not control, it introduces a vulnerability in its data security. Breaches can occur through third-party tags, trackers, chat capabilities, social media, and advertising technologies, to name just a few. According to our survey, 79.5 percent of executives correctly recognize that integrating third-party technologies into a website increases the risk of data leakage. However, 57 percent of executives reported that their organizations currently cannot identify leakage of sensitive data from the browser, and 47 percent cannot prevent leakage of sensitive data from the browser.

Survey respondents identified numerous challenges to ensuring client-side website security within their organizations. Among them, the top three challenges were identified as:

• Insufficient knowledge among teams and executives (48 percent)
• Poor security management systems (43 percent)
• Insufficient client-side website security budget (35.5 percent)

Misallocated Efforts

While 83 percent of survey respondents said they believe their organizations could be at risk of a data breach, the efforts being made to shore up vulnerabilities do not appear to be going toward the most useful tactics. Around two-thirds of executives said their organizations are looking to ensure the security of third-party technologies and JavaScript on their sites via regularly scheduled audits or through workflow adjustments. Unfortunately, while audits might sound like a good idea, they are a poor use of security resources given that they do not prevent data breaches or leakage, but only seek to identify data incidents after they have occurred.

Similarly, workflows are difficult and slow to change in an enterprise environment and are too often reactive or impossible due to organizational complexity. Executives prefer a proactive technology solution to either of these approaches. The risks inherent in these findings are unacceptable in today’s customer-centric, privacy-aware world, and it’s high time for enterprises to translate their awareness of customer data security concerns into concrete action.

While Marketing security starts with an awareness of risks, shoring up vulnerabilities requires more than periodic manual audits of website integrations. Companies today need to seek technological solutions to this technological problem in the form of systems that can monitor and securely manage all third-party integrations on their websites.

The risks revealed by our findings cannot be allowed to persist, lest they threaten customer confidence and the future of the U.S. business as a whole. It is time for enterprises to move beyond broad awareness to establish executive alignment and take action.

 Read more: How Automating Metadata Management Can Transform Data Governance