Netwrix 2020 Data Risk & Security Report

Survey reveals security professionals successfully mitigate security issues at some stages of the data life cycle but often overlook other stages, leaving content vulnerable

Netwrix, a cybersecurity vendor, announced the release of its 2020 Data Risk & Security Report. This study polled 1,045 respondents worldwide about how their organizations treat sensitive and regulated data during each stage of its life cycle in order to identify common security risk

According to the report, data storage is the most challenging stage of the data life cycle for ensuring data protection. While the majority of respondents (91%) said they were certain their sensitive data is stored safely, one in four organizations admitted they had actually discovered such data outside of designated secure locations in the past 12 months. Moreover, the data was left overexposed for days (43%) or weeks (23%) before the incident was discovered. These figures represent the highest incident rate and the slowest detection time of all the life cycle stages.

Other notable findings of the report include:

  • 61% of organizations that are subject to the GDPR collect more customer data than the law permits.
  • 66% of CIOs don’t have cybersecurity and risk KPIs that are regularly reported to their executives.
  • 54% of organizations said that they do not follow the security best practice of reviewing user access rights to data on a regular basis.
  • 30% of system administrators granted direct access to sensitive and regulated data based only on a user request in the past 12 months.
  • Organizations that classify data at the creation stage spend just an average of three hours on each data subject access request (DSAR)—11 times faster than those who do not classify their data. In addition, their cost for managing DSARs increased by 24% or less, while those who don’t classify data reported increases of 50% to 74%.

“Even as cybersecurity budgets grow, data breaches continue to increase in both number and size. Cybersecurity leaders need to find more effective ways to manage data security risks and show return on investment to the executive team. Gaining more visibility into data, internal processes, and user activity will enable them to prioritize their efforts, mitigate security and compliance risks more efficiently, and prove the effectiveness of their investments,” said Steve Dickson, CEO, Netwrix.

“Unstructured data often accounts for nearly 80% of the data footprint of an organization. The true extent and size of unstructured data are often unknown due to compression, deduplication, and the number of copies of data within the organization. Beyond the substantial proportion of dark data prevalent in the average organization, within the unstructured dataset is often found more than 10 copies of the same files just through data protection, backup and recovery, business continuity, testing, and other automated activities.” — Gartner, “Market Guide for File Analysis Software,” by Julian Tirsu, Marc-Antoine Meunier, February 2020.

To get the complete findings of the 2020 Netwrix Data Risk & Security Report, please visit:

Click here to read more about Cybersecurity topics