securityToday, IT decision makers say that half of all corporate data in the enterprise is held on laptops and desktops, instead of in the data centre or centralised servers. In the U.S., this rises to as much as 60 percent. Simultaneously, the significance of this data to the productivity and security of the business is well understood at the top of the organisation — with 63 percent of CEOs stating that losing this data would destroy their business. But, awareness of the risk is doing little to change adherence to proper security practices.

CEOs are playing a game of chance with critical corporate data

Despite the known risks facing organisations, such as data breaches, business decision makers and CEOs are putting critical data at jeopardy. Three quarters (75 percent) of CEOs and more than half (52 percent) of business decision makers admit that they use applications and programs that are not approved by their IT department. This is despite 91 percent of CEOs and 83 percent of business decision makers acknowledging that their behaviours could be considered a security risk to their organisation. These findings are revealed in Code42’s CTRL-Z study. It explores the pressures faced by IT decision makers and compares their responses to the views of CEOs and business decision makers who control the majority of the data outside the four walls of the enterprise. The study, which takes into account the views of 800 IT decision makers and 400 business decision makers within the U.S., U.K. and Germany, highlights that security and productivity are intrinsically linked in a data-driven economy.

Brand reputation is at risk due to a heightened focus on productivity over data security

There’s an ever-persistent balancing act between productivity and data protection in the modern enterprise. Now there is added pressure on IT decision makers to help the enterprise rapidly recover from a breach, if it hopes to minimise a hit to reputation and ensure customer loyalty. The vast majority (80 percent) of CEOs and 65 percent of business decision makers say they use unauthorised applications and programs to ensure productivity. However, half of IT decision makers say that their ability to protect corporate and customer data is vital to their company’s brand and reputation — a sentiment that is shared by 50 percent of CEOs and 61 percent of CIOs. The majority of IT decision makers do have laptop (86 percent) and server backup (95 percent) in place. However, at least 13 percent and 8 percent, respectively, have not tested their laptop or server backup programs. This approach is more of a “checkbox for compliance” and not a solution that adds practical value to the employees. If an enterprise-wide failure, such as a widespread and devastating ransomware attack, took place today the questions would be: “Is your IT team prepared to get you back up and running?” and, “How long would you take to be productive again, considering the amount of data held laptops and desktops?”

“Modern enterprises are fighting an internal battle between the need for productivity and the need for security—both of which are being scrutinised all the way to the CEO. By using unauthorised programs and applications, business leadership is challenging the very security strategies they demanded be put in place. This makes it clear that a prevention-based approach to security is not sufficient; recovery must be at the core of your strategy,” says Rick Orloff, VP and CSO at Code42.