A staggering 86% of IT security professionals cannot categorically state that they know how many sensitive files their organisation has.
Those are among key findings of a study by data security specialist Imperva. Its survey also reveals that only 41% have an idea where sensitive files are stored on their networks; indeed 18% admit they don't know.
Also, less than half (43%) know which users have access to sensitive files, while 32% confess that their organisation has lost data as a result of people abusing file access rights.
Imperva CTO Amichai Shulman believes the report confirms that organisations in the UK have not changed their attitudes to the threat of insider breaches, despite the lessons of Wikileaks.
"The fact that almost a third of the organisations we spoke to had suffered a data breach indicates the importance of protecting files containing sensitive information," comments Shulman.
"With 80% of all sensitive company data stored in files, and this number estimated to grow by 60% annually, the problem of unidentified and unprotected files will also grow, unless people start to take it seriously," he adds.
For Shulman, the solution is effective user rights management and file access monitoring, which helps organisations not only identify where sensitive information is located, but also who is accessing it.
The survey of over 320 security professionals was conducted amongst visitors to RSA in the US and Infosecurity Europe in the UK.
Interestingly, while there were similar levels of inadequate awareness and protection of sensitive files in the US, Imperva finds a critical. US IT professionals plan on taking some preventative action, with 82% of respondents stating that Wikileaks has forced them to rethink their company's data security strategy, compared to 32% in the UK.