"The findings serve as useful metrics on the state of perceived risk, actual threats and control investments to protect files as companies extend their content management and collaboration strategies," Scott Gordon, chief operating officer at FinalCode said.

Independent research for the report, conducted by Boulder, Colo.-headquartered industry analyst and consulting firm Enterprise Management Associates (EMA), provides insights into file data leakage risks and incidents, security process and control maturity, perceived cloud-based file platform threats, and investments to preempt and contain file access and usage exposures.

Key findings of the report revealed that all responding organizations expressed significant concern for data leakage risk due to inappropriate sharing or unauthorized access to files containing sensitive, confidential or regulated information.

The development of industry and government compliance mandates toward data security, and protection of personally identifiable information, have encouraged companies to take action and investigate how to extend policies, processes and controls to protect sensitive information inside and outside an organization.

Yet 84% of survey respondents, comprised of more than 150 decision makers from mid-tier and large enterprises spanning multiple North American industries, expressed moderate to no confidence in their capacity to secure confidential file incidents.

While the majority of IT organizations have enhanced technical controls and auditing, only 16% of respondents felt highly confident in their file security investments, indicating an underlying insecurity in monitoring and enforcement capability.

Encouragingly, the vast majority of respondents, across IT, security and line of business roles, indicated that their organization plans to invest in stronger security controls.

Other survey highlights:

• All organizations are concerned about file data leakage risks and 75% expressed very high to high concern.
• When it comes to their security controls and auditing capacity 84% of participants had moderate to no confidence in protecting confidential files.
• Half of survey respondents expressed frequent data leakage incidents.
• More than 90% stated the lack of protection of files leaving cloud-based platforms or device containers as the highest risk to adopting cloud-based file storage and collaboration services.
• Respondents cited inappropriate file sharing with others and through malware and hackers as the most likely causes of data leakage.
• While policy development and legal enforcement are foundational file security defenses, organizations plan to increase user awareness training and purchase additional security technology.
• Email gateway/proxy and data loss prevention technologies were the top mature protection methods, while file encryption and usage control software are top upcoming control investments.
• Respondents (70%) believe many end users would invoke stronger security controls on files if empowered to do so.

"Data dissemination and file collaboration are natural parts of most business and operational workflows, so must security be an integral part of the workflow to protect information. Unfortunately, protecting sensitive and regulated data within shared files remains a significant exposure within many organizations," David Monahan, research director of risk and security management at EMA, said. 

Monahan noted the survey findings show a gap between file security policies and practices, and the efficacy of technical controls in place to monitor and enforce compliance to the existing policies.

"This lack of capability to control unstructured data as it moves through its lifecycle will not only yield more data privacy breaches but will impact the adoption of advanced enterprise and cloud content management systems," he added.

Be sure to register today for Data Breach Defense, the free CU Times cybersecurity virtual conference on Oct. 6. Find out the latest credit union liability and risks, as well as security measures you can take to ward off cybercriminals.