NEW YORK, NY--(Marketwired - Apr 23, 2013) - Research conducted by Varonis, the leading provider of comprehensive data governance software, has found that the vast majority of people expect businesses to protect their data -- despite the high number of security breaches reported. The study found that while most respondents have good security practices, they still engage in high-risk behaviors that could enable hackers to breach their data. 

The researchi revealed that an overwhelming 91% of respondents assume businesses protect their personal data and online identities despite reported data breaches for 93% of large organizations and 87% of small businesses in 2013ii. Overall, the study shows that data security is highly valued: 97% are more willing to do business with a company that protects data and more than half (54%) would pay a premium if they feel a company is protecting their data.

The respondents exhibited several online security habits that would score fairly high on any security report card. The study found that 71% look at the fine print of end-user license agreements and terms of service. Mobile security is also high on their agenda, with more than three out of four (77%) password-protecting their phone, and almost half (47%) even using two-factor authentication for their personal email and online services.

Unfortunately, Varonis also found that there are some troubling bad habits. While respondents are dutifully password-protecting their phones, 61% always or frequently use the same password across multiple websites or applications -- putting personal information across their accounts in danger. Two thirds of respondents (67%) admit to or suspect having sent unencrypted personal information to a business in an email.

David Gibson, Vice President at Varonis explained, "It is encouraging that people are seeking out companies that are better at securing their data -- however, the vast number of breaches occurring on an almost daily basis indicates that businesses, just like individuals, are still struggling to get the basics right in securing their data."

Individuals need to focus on eliminating bad "digital" habits and take more control of their security. Businesses have their part to play by making sure IT departments implement basic security best practices.

For individual consumers:

  1. Know where your personal information is, who can access it, and understand what service providers can do with your data without opt-out consent
  2. Never send unencrypted personally identifiable information (PII) or other sensitive data -- especially account numbers, credit card and social security numbers, and health information -- in an email
  3. Pick strong passwords -- mix of upper and lower case, numeric, and special symbols -- and use a unique password for each site -- password managers are a big help with this

For IT departments:

1. Put basic controls around your sharable, cloud-based data by applying the 4 A's:

  • Authentication: verify anyone accessing an account is who they claim to be -- multi-factor is better
  • Authorization: make sure employees only have access to the data they need
  • Auditing: all access must be monitored
  • Alert: analyze activity for potential abuse

2. Make sure employees use protected, authorized platforms
3. Focus on the balance between productivity and security -- employees need a modern work experience that doesn't put organizational data at risk

i Privacy survey conducted by Varonis in April 2013 with 200 IT professionals
ii 2013 Information Security Breaches Survey (ISBS) by PwC in conjunction with Infosecurity Europe and supported by the department for Business, Innovation and Skills

To download the full privacy research report, visit

About Varonis
Varonis is the leader in unstructured and semi-structured data governance software. Based on patented technology and a highly accurate analytics engine, Varonis solutions give organizations total visibility and control over their data, ensuring that only the right users have access to the right data at all times from all devices, all use is monitored, and abuse is flagged.

Varonis makes digital collaboration secure, effortless and efficient so that people can create and share content easily with whom they must, and organizations can be confident their content is protected and managed efficiently.

Voted one of the "Fast 50 Reader Favorites" on, and winner of the SC Magazine Innovation, Product or Service of the Year, and Best Network Security Awards, Varonis has more than 4,500 installations worldwide and is headquartered in New York, with regional offices in Europe, Asia and Latin America.

Varonis, the Varonis logo, DatAdvantage®, DataPrivilege® and the IDU Classification Framework® are registered trademarks of Varonis® Systems in the United States and/or other countries and Metadata Framework™, DatAnywhere™, and Data Transport Engine™ are under a registration process in the United States and/or other countries. All other product and company names and marks mentioned in this document are the property of their respective owners and are mentioned for identification purposes only.