data

Although it may seem ludicrous to think about it today, there was a time in the not too distant past when businesses considered the data they amassed as merely a by-product of running a business. However, in a similar vein to how petrol was once little more than a derivative of oil-refining, data has emerged as incredibly valuable in its own right.

Data supports the plans and actions of the modern business. With the help of analytics tools modern companies use their data for insights into their customers' behaviour, make forecasts on the success of new ventures, and predict which way markets will turn. They buy data. They sell data. And with every passing day more data is created.

As such, there's a clear difference between petrol and data. Data is renewable. It's less a commodity and more akin to a currency. So, what's the value of that currency? And who is best placed to make that valuation?

Data in Dollars, Dinar, Dong

If we're looking to get a valuation of a business' data, the job necessarily falls to the finance department. The bean counters' access and understanding of the business operations and finances, alongside their focus on accuracy makes them best suited for a realistic assessment of the currency of data.

So what do they have to say on the matter? We asked CFOs, Finance Directors and accountants across the world how they'd stack the value of their data up to their business' annual revenue. Although findings across markets fluctuated, the average settled at a significant 35% of revenue. As all the finance professionals we quizzed were from large organisations with significant revenues, a quick bit of mental arithmetic can put a monetary figure on this.

In Germany, for instance, where all those surveyed worked at companies with annual revenues of at least €50 million, the value of data is, at the very least, €18 million. In the UK, it's a minimum of £15.5 million.

Again, these are conservative figures. In the UK, France and Germany, almost 1 in 5 would put the value of data at over half of their company's revenue. In the UK, 71 per cent of finance professionals would even go so far as to say that company data deserves a spot on the balance sheet.

Who's Guarding the Data Vault?

As with anything that's ascribed a monetary value, businesses' data troves are inevitably a target for criminals. Given the digital nature of data, we're of course talking about cybercriminals.

What's worrying from our findings is that there's a clear disconnect between the value that finance professionals are placing on data and their attitudes towards its safeguarding. By their own admission, data holds significant value for the business, but the finance department seem to stick to the old "if it involves computers it's an IT issue" approach.

This is problematic for several reasons. Modern cybercriminals are incredibly resourceful, and will exploit any vulnerabilities at their disposal in order to breach security. With so much valuable data to be had, why wouldn't they? These weaknesses are more often than not human error, so a workforce

that's not properly equipped with knowledge of cybersecurity best practice is a far riper target for hackers.

Concerningly, we in the UK are straggling behind the pack. Some 38 per cent of UK finance professionals still rely entirely on the IT department for data security, compared to 22 per cent in the US. With GDPR (a European only initiative) a few months away, we really need to be getting our house in order.

Data Lost, Data Cost

As well as an evidential misunderstanding of where responsibility for sensitive data protection resides, there also seems to be some myopia as to the true cost of poor data protection standards.

In the context of suffering a data breach, 42 per cent of finance professionals agree that reputational damage was the most significant negative consequence. Only 10 per cent thought it would be fines and compensation claims.

When we look at this in the context of the aforementioned GDPR, you'd hope that data protection, and data privacy, might be more of a priority. Fines for mishandling data currently stand at a maximum of £500,000, but GDPR will raise them to a maximum of £20 million or 4% of global turnover.

As we collected these responses before GDPR has come into effect, there is the chance that these finance professionals are still harbouring old attitudes to data privacy and protection. It may sound cynical, but it's a well-held fact that fines are considered a common operational cost of many companies. However, with a handful of months until GDPR, we'd expect attitudes to have already adjusted. Maintaining compliance will need a cultural shift within the business. If not, this valuable data could prove a liability.