A recent survey conducted by KPMG across 44 of the leading consumer markets and retail companies operating in nine countries in Central and Eastern Europe, including Romania, indicates the following:
- The vast majority of respondents perceive data theft as a significant risk to their business. Furthermore, more than half of the respondents believe that the risk of data theft will increase over the next three years.
- Most respondents do not have formal processes to assess the risks of data theft in their organisations. Many respondents are also not satisfied with the measures they have in place to mitigate the risk of data theft.
- Employees are generally seen as the most likely perpetrators of data theft, with mid-level management posing the greatest perceived risk.
- The data perceived to be most at risk are data related to strategy and planning;
- The use of removable media such as USB sticks is recognised as a significant risk by most respondents, yet few indicated that they had measures in place to deal with this threat.
Jimmy Helm, Head of Forensic for KPMG in Central and Eastern Europe, comments: “The survey results reflect that companies recognise that their employees present the highest risk as perpetrators of data theft as they inevitably have access to sensitive company data in the normal course of business. Our recent investigations for clients have indicated that this risk is increased by the pressures that the turbulent economic situation in the CEE region place on the employee, who finds his or her employment more and more under threat, and who is more willing than ever before to use this information for financial reward, or to even secure his or her employment with the competition.”
Richard Perrin, Partner, Risk Consulting KPMG in Romania comments: “Regular risk assessment is critical and should be extended to include reviews of the implementation of new countermeasures against data theft and improvements to existing countermeasures as the risks evolve. Proactive analysis of a wide range of systems and data sources within the organisation in order to identify and respond to actual occurrences in a timely manner is also a very important part of the efforts to combat data theft.”
Aurelia Costache, Partner, IT Advisory Services KPMG in Romania comments: “Despite the consistent perception that data theft poses a high risk, relatively few companies have performed a robust risk review of their data, categorised their data according to confidentiality and sensitivity or imposed appropriate controls over user access to that data. Of particular concern is the fact that most companies have failed to implement appropriate countermeasures against the threat posed by removable media.”