"It's pretty clear that they weren't understanding where their sensitive assets were," said David Gibson, spokesman at New York-based Varonis Systems, Inc., which makes software to manage and secure unstructured data. Varonis was the sponsor of the Ponemon survey.
"Sensitive data wasn't identified, wasn't locked down appropriately, and I don't believe the use of that data was being monitored," he said. "There are some critical controls missing that would have made the hacking a lot harder."
But while criminals can be very good at finding the information they need within corporate systems, legitimate employees are actually drowning in data.
Sixty three percent of end users said it is difficult or very difficult to find files on corporate networks -- and here, 60 percent of IT respondents agreed.
Sign up for CIO Asia eNewsletters.