Blog Post
A New Era of Risk Part 3: Risk and Impact of Emerging Data Sources Underestimated in Most Organizations
This blog series discusses research and trends across the spectrum of Digital Insights & Risk Management. Part 1 in the series, by Sophie Ross, defined the concept of digital risk and shared a state of the industry across the big picture of this problem space, and Part 2 focused on data privacy issues. This post discusses the disparity between belief and reality regarding emerging data sources in today’s corporate environments. It features insights from business leaders including information governance professionals and legal department leaders.
In the context of corporate risk, there may be no better story about the break between expectations and reality than the emerging data sources story. In recent years, emerging data sources, i.e., collaboration platforms, chat applications and other cloud-based tools, have caused tremendous cost, burden, risk, regulatory exposure and other challenges for countless organizations. Legal teams in the throes of litigation or regulatory investigation have grappled with forensic collection and discovery across their cloud-based systems. Risk managers have worried over how to ensure sensitive information isn’t being shared across “shadow” applications they aren’t aware of. Compliance leaders have faced serious penalties for failure to adequately apply compliance monitoring and controls over messaging applications. Information governance and privacy teams have raced to keep policies and protections in place across an ever-increasing volume and variety of systems.
Yet, while these issues run rampant across numerous functions of nearly every organization, few have fully come to terms with the scale, scope and seriousness of the problem. In fact, FTI Technology’s recent Digital Insights & Risk Management survey of senior leaders globally, revealed a stark disconnect between the attention being given to emerging data sources and their potential to generate significant risk.
- For example, the following datapoints from the survey offer a glimpse at current attitudes toward emerging data sources:
- 86% stated that their organization has encountered increased costs or risks associated with the use of emerging data sources.
- 57% said they have received a request from regulatory authorities for electronic evidence from emerging data sources.
- More than one-third of disputes and investigations professionals ranked “difficulty governing the use of collaboration tools and personal devices” as one of their top three concerns and an additional 14% ranked “growing number of data types/formats/sources” as one of their top three concerns.
- Professionals focused on handling disputes and investigations for their organization confirmed that the volume of data impacted/requested in their disputes and investigations matters has increased (69%) and the complexity of accessing/collecting/producing data for these matters has also increased (63%).
- One respondent said, “We can only govern what we’ve been able to wrap a container around, and those emerging data sources can be hard to categorize.”
These responses suggest both a rise in the risks surrounding emerging data sources, and a moderate awareness of them. However, when the survey probed further to understand the depth of that awareness and the steps organizations are taking to tackle the problem, the majority of responses indicated some significant gaps. For example:
- Only half of disputes and investigations professionals said they were “fully aware” of the downstream impacts that emerging data sources such as chat tools, cloud platforms, and collaboration applications can have on e-discovery and regulatory investigations. Another 44% stated that they were “somewhat aware,” yet this figure is still surprising considering that emerging data sources are present in virtually every dispute and regulatory matter today.
- When asked how they were dealing with the risk “difficulty governing the use of collaboration tools and personal devices,” only 16% listed “training” and only 10% indicated “compliance/new policies.”
- Similarly, for the defined digital risk of “growing number of data types/formats/sources,” only 6% had planned to improve employee training and only 5% were working on new policies.
- Notably, among information governance leaders specifically, 67% said they are dealing with governance-specific challenges brought on by the increased use of emerging data sources through employee training. Data lineage and data quality improvements were also on the agenda for information governance leaders as a strategy for improving governance over cloud and collaboration tools.
- More broadly, 78% of total participants answered the question of what plans they have to keep up with increasing risk and activity around emerging data sources. Of these, 62% expect to address the issue with technology investments and just over one-third respondent that budget (36%) and headcount (35%) were part of their plans.
Awareness for the issues around new forms of data is growing incrementally, and legal and governance professionals in particular are becoming more attuned to this as a critical area of digital risk. Still, the universe of data is growing in volume and variety at a rapid clip, and the technical difficulties that are present today will only be compounded as new tools and features are added to the fray. Solving for these challenges will require a combination of forward thinking, preparedness, technical acumen, flexible policy and vigilance.
Read the full Digital Insights & Risk Management report here.
Related topics:
The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.