How much is data really worth to Canadian businesses?
Following a year full of major data breaches and forthcoming new regulations, we are seeing a change in the way organisations think about their data. After years of regarding all forms of data as a commodity to be hoarded as a matter of course, firms are increasingly realizing just how valuable it really is – and how costly data loss can be.
Defining the real value in monetary terms has always been difficult, so we sought to establish a clearer picture by asking the decision makers who deal with data every day. The Value of Data Report asked 500 senior IT managers in Canada, the US, UK, Japan and Australia for their insight on how they value different types of data, and then contrasted their perspective with the value for regulators, insurers, and the cyber criminals themselves.
We examined attitudes towards four of the most crucial types of data for an organisation - personally identifiable information (PII), intellectual property (IP), payment card (PC) data, and corporate email. PII was a clear priority for firms around the world, with 47.4% ranking it as the most important data type. IP and PC data were next at 27.6% and 18.4%, while corporate email was by far the least important, with just 6.6% of respondents seeing it as the most valuable.
Understanding how much data is truly worth to an organisation is an essential part of forming a security strategy to keep it safe. The more valuable key data sets are, the more important it is to invest in models such as managed security services and techniques like threat hunting, which can help to prevent attacks by more advanced criminals. The perceived value of data decides on what type of security controls needs to be adopted for protecting that type of data.
How data is valued in Canada and beyond
When it came to attributing a monetary value to PII data, Canadian respondents were notably on the lower end of the scale compared to the others around the world, ahead of only the UK. The average value per capita value (PCV) in Canada for PII was $1,025, compared to $1,186 and $1,040 respectively for Australia and Japan. The UK respondents placed by far the least value at $843, while the US more than doubled this at $1,820.
At first glance, the vast difference in value may seem to suggest that US firms are much more vigilant than their Canadian counterparts. However, the truth is there are many different factors influencing how firms value their data. In particular, the US is home to many extremely large organisations that hold huge volumes of data. The mean number of consumer PII records held by US companies stood at close to 33mn, compared to just under 9mn in Canada. Another reason could be the strict penalties by regulatory bodies.
Larger organisations are generally better equipped to understand the value of the data they hold, as well as more thoroughly evaluating the risks, a major contributor to the monetary figures given by our respondents. Thanks in part to the larger amounts of data they possess, US-based firms are also one of the biggest draws for cyber attackers. This elevated threat level can serve to make organisations more aware of their data, and more motivated to protect it.
Aside from the differences in data types and locations, we also discovered a large difference in the values given by IT managers, and those of insurers and regulators. The global mean PCV for PII records was $1,198, while insurers almost tripled this at $3,211. Regulators meanwhile dwarfed both groups, with a mean PCV of $8,118. The high monetary value from regulators is reflected in the increasingly large fines they are capable of hitting companies with in the event of a security incident. Canada currently holds some of the lower fines on a global scale, with the maximum fine standing at Canadian $100,000, and $50,000 in Quebec. By comparison, the upcoming EU General Data Protection Regulation (GDPR), set to enter into law in May 2018, will come with potential fines of up to 4% of global turnover or $30mn, whichever the regulator deems to more appropriate.
Compared to these huge sums of money, it’s notable that cyber criminals themselves generally place far lower value on the data they steal in their attacks. We estimate the overall criminal resale for PII to be just 5% of the PCV given by firms themselves – averaging at just $39 per record.
The future of data value
While Canada’s overall value for data was lower than other countries, we did find that Canadian firms took the lead when it comes to the efforts to protect their data – something we termed “Data Risk Vigilance”, or DRV. To determine a country’s DRV score, the study assessed the measures organizations put in place to care for their data according to 10 separate factors – four relating directly to risk, four to data value assessments and two to the impact of data theft. The most attention is paid to the value of data, and of the highest possible score of 20, PC data had the highest score (14.8), just ahead of PII (14.7) and IP (14.4). Email was relatively neglected with a score of 13.0.
We anticipate the way organisations value their data will continue to change over 2018 and beyond as both the cyber and regulatory landscapes shift. Faced with both more sophisticated attackers and higher potential fines, it is essential for firms to build on their existing DRV with thorough ongoing risk assessments and the development of a mature security strategy. More proactive measures, such as threat hunting with in-depth threat forensic analysis and the use of new models such as managed security services, can help to tackle these threats and help Canadian organisations to protect their increasingly valuable data from abuse by criminals.
Sangameswaran Manikkayam, Manager, System Engineering at Trustwave
Intelliwave SiteSense boosts APTIM material tracking
“We’ve been engaged with the APTIM team since early 2019 providing SiteSense, our mobile construction SaaS solution, for their maintenance and construction projects, allowing them to track materials and equipment, and manage inventory.
We have been working with the APTIM team to standardize material tracking processes and procedures, ultimately with the goal of reducing the amount of time spent looking for materials. Industry studies show that better management of materials can lead to a 16% increase in craft labour productivity.
Everyone knows construction is one of the oldest industries but it’s one of the least tech driven comparatively. About 95% of Engineering and Construction data captured goes unused, 13% of working hours are spent looking for data and around 30% of companies have applications that don’t integrate.
With APTIM, we’re looking at early risk detection, through predictive analysis and forecasting of material constraints, integrating with the ecosystem of software platforms and reporting on real-time data with a ‘field-first’ focus – through initiatives like the Digital Foreman. The APTIM team has seen great wins in the field, utilising bar-code technology, to check in thousands of material items quickly compared to manual methods.
There are three key areas when it comes to successful Materials Management in the software sector – culture, technology, and vendor engagement.
Given the state of world affairs, access to data needs to be off site via the cloud to support remote working conditions, providing a ‘single source of truth’ accessed by many parties; the tech sector is always growing, so companies need faster and more reliable access to this cloud data; digital supply chain initiatives engage vendors a lot earlier in the process to drive collaboration and to engage with their clients, which gives more assurance as there is more emphasis on automating data capture.
It’s been a challenging period with the pandemic, particularly for the supply chain. Look what happened in the Suez Canal – things can suddenly impact material costs and availability, and you really have to be more efficient to survive and succeed. Virtual system access can solve some issues and you need to look at data access in a wider net.
Solving problems comes down to better visibility, and proactively solving issues with vendors and enabling construction teams to execute their work. The biggest cause of delays is not being able to provide teams with what they need.
On average 2% of materials are lost or re-ordered, which only factors in the material cost, what is not captured is the duplicated effort of procurement, vendor and shipping costs, all of which have an environmental impact.
As things start to stabilise, APTIM continues to utilize SiteSense to boost efficiencies and solve productivity issues proactively. Integrating with 3D/4D modelling is just the precipice of what we can do. Access to data can help you firm up bids to win work, to make better cost estimates, and AI and ML are the next phase, providing an eco-system of tools.
A key focus for Intelliwave and APTIM is to increase the availability of data, whether it’s creating a data warehouse for visualisations or increasing integrations to provide additional value. We want to move to a more of an enterprise usage phase – up to now it’s been project based – so more people can access data in real time.