In summer 2016, Kilpatrick Townsend & Stockton and the Ponemon Institute jointly issued a fairly bleak report about the risks to corporate data. The report found that most organizations didn't really understand the threats to their information, much less invest resources in securing it.

Nearly two years and about 100 high profile data breaches later, that landscape seems to be shifting somewhat. A follow-up survey from the two groups found that organizations have made moderate strides in securing their company knowledge assets and responding to breaches when they do occur.

“Generally, what we're seeing is a much-increased awareness and higher recognition that the threats are growing,” Jon Neiditz, co-leader of Kilpatrick's cybersecurity, privacy and data governance practice, told LTN.

The survey polled over 630 security professionals and split findings largely into a general population of organizations and “high performing” organizations. High performers, according to the study, are more likely to restrict employee access to sensitive data, conduct audits of data handling practices, and conduct regular employee cybersecurity training sessions.

“Generally, the high performers are further along the path of digital transformation. They're more aware that their stuff is more valuable to nation-states, and they're generally focusing on certain technologies detailed in the report more than others,” Neiditz elaborated, with those technologies including access management, private user management, access governance and data loss prevention technologies.

Data from the report shows that marginally more organizations, whether high performing or not, now take measures to protect knowledge assets, i.e. internal corporate data beyond just consumer personal identifying information. Boards of directors are increasingly requiring assurances that these assets are safely guarded, especially where third-party vendors are concerned.

Additionally, organizations reported a greater understanding of how little control over their data they truly have. Eighty-two percent of respondents said they were likely to have suffered an undetected breach, up from 74 percent who said the same in 2016. The survey also found that more organizations, 65 percent, believe their valuable knowledge assets lie in the hands of competitors, 5 percent more than the 2016 report.

Neiditz noted that there are still a few areas for organizations to improve. Employee data mishandling is still responsible for a great deal of data breach issues, despite 73 of respondent organizations using employee training programs of some form, and 68 percent conducting comprehension testing.

High performing organizations are more likely to take an additional measure of customizing these trainings to specific employee functions. The report found that 63 percent of high performing organizations tailor their training programs to specific employees, while 51 of all those polled said the same.  

Private communications remain a struggle for most organizations and seems to be an area of potential growth. Only 16 percent of organizations report having completely secured their communications, despite 45 percent saying that those communications are among the most valuable organizational knowledge assets. “It's the most difficult to secure, and it is among the most poorly secured,” Neiditz said.

Neiditz noted the survey highlights some of the specific things that organizations have improved upon, details that often get buried when headlines discuss the gravity of cybersecurity concerns and frequency of breaches. “They don't see all the improvement. They don't see how much improvement there is among the overall population,” he said.

The granular data present in the survey, conversely, may help organizations take up and expand upon growth. “Hopefully we can use this survey as a way of providing a road map,” Neiditz said.