This isn’t a great statement on the security of sensitive data, and the last sentence isn’t a great statement in terms of the litigation readiness of organizations either.
“Polling a little over a thousand IT professionals around the world, the survey found that 76 percent had reported that their companies had increased investments in perimeter security, yet 68 percent said that they thought unauthorized users could still gain access to their networks. Thirty-two percent of the respondents said their organizations don’t encrypt payment data, and 35 percent said they don’t encrypt user data in general. Fifty-five percent said they didn’t know where such data is stored.”
You can’t secure, or collect, data if you don’t even know where it is! That’s like, step one, for both cybersecurity and eDiscovery.
And more than half are failing at step one.