45% of businesses owners have faced ‘major data breach’ — with a third being an inside job

NEW YORK — Nearly a third of businesses are being reckless with customer data, according to a new study. A poll of 1,000 American business professionals and software developers finds that 29 percent use unprotected production data (real customer data) in testing environments when testing and troubleshooting their company’s software — increasing the risk of exposure in the event of a data breach.

Nearly half (45%) claim their companies have faced a major data breach within the past five years due in part to the use of data in insecure environments. Sectors hit the hardest by data breaches over the past five years include businesses focusing on financial services (60%), construction (57%), education (54%), food and beverage (53%) and law practices (53%).

1 in 3 data breaches are an inside job

According to respondents, data breaches occur most often as a result of internal theft (34%), accidental leaks (27%), and hacking incidents (24%) — all of which can take companies an average of four weeks to recover.

Data breaches open a Pandora’s box of risks for companies that experience them. Respondents say their businesses came face-to-face with insurance premium increases (28%), civil lawsuits (27%), regulatory fines (22%), and media embarrassment (21%) after a breach. A majority of those who previously faced a data breach (88%) add that it caused delays in the company’s ability to function.

Commissioned by Tonic.ai and conducted by OnePoll, the study found 74 percent use sensitive customer data every day for multiple purposes. Industries which use sensitive customer data the most include education (83%), financial services (82%), food and beverage (80%) and construction (79%).

Seven in 10 (71%) say being hacked is a major concern at their company — a prime reason for 75 percent of businesses to make sure customer data security is a “top priority.”

“With the rising popularity of remote work, increased data breaches and leaks are inevitable. Whether it be stolen work laptops, using real customer data in testing, or the incorrect cloud migration of data, there are a myriad of reasons why a breach can happen,” says Ian Coe, CEO of Tonic.ai, in a statement. “What’s important to understand is that while a breach may happen, there are ways to safeguard the data to ensure companies are not putting their customers’ information at risk.”

Secure the testing environment

The survey revealed one way to avoid customer data breaches is by monitoring and protecting the data businesses use in software testing environments. On a promising note, the study also found that 50 percent of businesses use data that has been de-identified or synthesized to look like customer data, in testing environments.

Three in four businesses feel “ready and prepared” to deal with future data breach threats. Seven in 10 believe it’s “necessary” to use synthetic data to keep customer data safe. However, many respondents considered their test data practices to be broken. Forty-two percent claim their practices either aren’t secure or they don’t scale. Meanwhile, 20 percent say it’s difficult to generate and use their test data. Nearly two in three (64%) don’t understand the reasons behind using synthetic data for testing.

“Fake data is designed to respect and protect the privacy of real customer data. Companies should be responsible about their data governance and being compliant when it comes to things like personal identifiable information,” Coe says.

Follow on Google News

About the Author

Chris Melore

Chris Melore has been a writer, researcher, editor, and producer in the New York-area since 2006. He won a local Emmy award for his work in sports television in 2011.

The contents of this website do not constitute advice and are provided for informational purposes only. See our full disclaimer


  1. The security landscape is constantly changing along with the advancements in technology. There needs to be a flexible, adaptable, and resilient cybersecurity and cyber-resilience plan in place to ensure business continuity in times of turmoil. Do not settle with just a defense system in place, you need to hope for the best but prepare for the worse. Cybersecurity is not enough nowadays, build up your cyber-resilience now.

Comments are closed.