One of the biggest obstacles for organisations is understanding where critical data resides and how it is currently protected. Apart from the production environment, copies of important or sensitive data are also stored in back-ups, data warehouses and test environments. These environments may be less well protected than the production environment. Data risk is a growing risk for companies and a great opportunity for hackers.

Recently, a well-known travel agency was hacked and almost 1 million customer records were exposed. Although the production environment was secure, the less secure test environment was also accessible from the internet, which facilitated unauthorised access to sensitive customer data. Data Risk Management should therefore focus on the data itself, as recommended by the international security standard ISO 27001:2013.


Company data is growing exponentially, and after 10-20 years of data storage a huge amount of data exists: Big Data is no longer just a buzzword. By scoping we can reduce the size and complexity of our data risk management activities. Your scope should focus on large structured data sources related to Mission Critical Applications. These "data crown jewels" have an interface and/or are copied to other departments, business partners and locations. Understand where this important data flows to, and record a physical address and/or IP address for every location where the data is stored.

"Don't pay a quarter to protect a dime"

Data Risk Management (DRM) aims to help management become aware of the key data risks. A heatmap of all important data sources should help to decide where to spend money most effectively on the riskiest data sources.
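The scoping and heatmap steps above can be made concrete with a small inventory of data copies. The following is an added example, not code from the article or from Trust in People: it records each copy of a data source with its environment, storage location, record count, sensitivity, internet exposure and control strength, scores likelihood and impact on a 1-5 scale (the scale and the scoring rules are assumptions chosen for illustration), and ranks the copies into a heatmap. It also flags copies that are less well protected than the production copy of the same data, which is exactly the test-environment situation described above. All data source names, addresses and figures are constructed.

```python
"""Data-risk heatmap over an inventory of data copies (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class DataCopy:
    source: str            # data set name, e.g. customer_records
    environment: str       # production, backup, warehouse or test
    location: str          # physical address or IP address of the store
    records: int           # number of records held in this copy
    sensitivity: int       # 1 (public) .. 5 (highly sensitive)
    internet_exposed: bool # reachable from the internet?
    control_level: int     # 1 (weak) .. 5 (strong) protection here


def likelihood(copy: DataCopy) -> int:
    """1..5: weaker controls and internet exposure make compromise more likely."""
    score = 6 - copy.control_level      # strong controls -> 1, weak -> 5
    if copy.internet_exposed:
        score += 2
    return max(1, min(5, score))


def size_band(records: int) -> int:
    """1..4: bands for the number of records at stake (assumed thresholds)."""
    for limit, band in ((10_000, 1), (100_000, 2), (1_000_000, 3)):
        if records < limit:
            return band
    return 4


def impact(copy: DataCopy) -> int:
    """1..5: sensitivity of the data combined with how much of it is held."""
    return max(1, min(5, copy.sensitivity + size_band(copy.records) - 2))


def heat_band(score: int) -> str:
    """Map a likelihood x impact score (1..25) to a heatmap colour."""
    if score >= 15:
        return "red"
    if score >= 8:
        return "amber"
    return "green"


def heatmap(inventory):
    """Score every copy and return rows sorted from riskiest to least risky."""
    rows = []
    for copy in inventory:
        lik, imp = likelihood(copy), impact(copy)
        rows.append({
            "source": copy.source, "environment": copy.environment,
            "location": copy.location, "likelihood": lik, "impact": imp,
            "score": lik * imp, "band": heat_band(lik * imp),
        })
    rows.sort(key=lambda r: r["score"], reverse=True)
    return rows


def weaker_than_production(inventory):
    """Copies whose controls are weaker than the production copy of the same data."""
    prod = {c.source: c.control_level
            for c in inventory if c.environment == "production"}
    return [c for c in inventory
            if c.environment != "production"
            and c.source in prod and c.control_level < prod[c.source]]


# Constructed inventory: addresses use documentation IP ranges, not real hosts.
INVENTORY = [
    DataCopy("customer_records", "production", "192.0.2.10", 950_000, 5, False, 5),
    DataCopy("customer_records", "backup", "DC-Amsterdam-rack-12", 950_000, 5, False, 3),
    DataCopy("customer_records", "test", "198.51.100.20", 950_000, 5, True, 2),
    DataCopy("product_catalogue", "production", "192.0.2.11", 5_000, 1, True, 4),
    DataCopy("sales_history", "warehouse", "203.0.113.5", 2_000_000, 3, False, 4),
]


if __name__ == "__main__":
    for row in heatmap(INVENTORY):
        print(f"{row['band']:5} {row['score']:2}  "
              f"{row['source']}/{row['environment']} @ {row['location']}")
    for c in weaker_than_production(INVENTORY):
        print(f"less protected than production: {c.source}/{c.environment}")
```

In the constructed data the internet-facing test copy of the customer records lands at the top of the heatmap (score 25, red) even though the production copy of the same data is green, which is the argument for spending first on the copies rather than on the production system alone.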

The Bottom Line

DRM will evolve as organisations continually look to balance protection of business data against cost. Understand your exposure and risk appetite and have a plan of action to mitigate your potential liability. Data Risk Management is an art and not a science.


Gerco Kanbier is Managing Director of Trust in People - the information protection company in The Netherlands. For more information, please visit

