Thus far in this series, we’ve discussed how to effectively map the hardware and software [ADD LINK] elements of your information system. Now it’s time to look at probably the most complex part of the mapping process: data assets. The types and amount of data that businesses keep vary greatly, even within a single sector such as insurance.
Some of the more common types include:
- Customer and transaction data – This is information about your clients and your interactions with them.
- Human resources data – This is information about your business owners and employees.
- Financial data – This includes items such as bank account and credit card information for your clients and your business. Records of financial transactions and credit histories are other important forms of financial data.
- Intellectual property – The exact definition of intellectual property can vary between jurisdictions. Generally, however, it includes items such as patents, copyrights, trademarks, and trade secrets. Failing to document IP rights not makes it difficult to protect these intangible assets. It can also limit your ability to protect them from infringement.
Setting a Value on Data Assets
Once you know what data you have and what systems store it, you need to decide what that data is worth to your business. Unfortunately unlike hardware or software, the value of data can’t be based on how much you paid for it or how much it would cost to replace it.
Fortunately, putting an exact dollar amount on data isn’t necessary. Instead, consider what the impact on your business would be if you couldn’t access that data for a period or if hackers made it public or gave/sold it to your competitors.
- How much time would it take your employees or outside experts to recover or reconstruct the information, and what would their time cost you?
- How much business would you lose from being unable to work or from alienating current or potential customers?
- Could you be sued?
- If so, what legal costs would be involved even if you win the suits?
The Importance of Accurate Valuations
It’s important to understand the value of your data because robust cybersecurity measures often aren’t cheap. You don’t want to spend more to protect data than it’s worth to you. (Just remember that clients may have a different idea of what their data is worth.) Finally, understand that it’s important to identify all data that has material value to your business, whether or not it’s “protected” under federal or state laws or regulations.