Study finds 50% dark data creates major security flaw


A survey conducted by Vanson Bourne for Veritas, has found that over half of companies’ data mines remain unclassified and “in the dark”, even as data protection laws and IT security threats grow on a global level.

The Value of Data study took into account the views of 1,500 IT leaders and data managers in 15 countries, and highlighted how the storing of so-called ‘dark data’ is fast becoming a major attraction to online criminals.

It was found that around 52% of data within organisations is untagged or unclassified, suggesting that firms have restricted visibility and potentially no knowledge over swathes of information that could be of critical value.

Mobile domains and public clouds present the biggest security challenge, with the large part of data stored in such environments under greatest threat of neglect.

According to the study, only five percent of companies reported that all data locked in a public cloud are classified, while just six percent said that they have classified all data that dwells on mobile devices.

Companies stating that they have classified less than half of data that sits in the public cloud accounted for 61% of respondents, while 67% said they have classified less than half of the data stored on mobile devices.

Vice president for products and solutions at Veritas, Jyothi Swaroop, said:

“As workforces become more mobile and the barriers between work and personal life break down, company data has become dispersed across numerous environments.

“When data is fragmented across an organization and has not been properly tagged, it is more likely to go ‘dark’, threatening the company’s reputation and market share if it falls foul of data protection regulations such as GDPR. So it’s vital that organizations take full responsibility for ensuring their data is effectively managed and protected.”

“A company’s dark data reservoir may be out of sight and out of mind for many organizations, but it’s an enticing target for cybercriminals and ransomware attacks. The more organizations know about the data they hold, the better they will be at judging its value or risk,” added Swaroop.

“But with the average company holding billions of data files, manually classifying and tagging data is beyond human capability. Businesses must implement data management tools with algorithms, machine learning, policies and processes that can help manage, protect and gain valuable insights from their data, regardless of where it sits in their organization,” he continued.

Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.