To improve cyber resilience, organizations must manage their unstructured data risk

With more unstructured data comes more risk. But companies struggle to manage this data appropriately. Learn how the right tools can help improve data governance and reduce risk.

Belinda Walsh

Written by

Belinda Walsh

Reviewed by

Share on Social Media
March 15, 2024
To improve cyber resilience, organizations must manage their unstructured data risk

Finding it hard to keep up with this fast-paced industry?

Subscribe to FILED Newsletter.  
Your monthly round-up of the latest news and views at the intersection of data privacy, data security, and governance.
Subscribe Now

When researchers speak of the growth in data, they really mean growth in “unstructured data”, like emails, documents, or media. With more unstructured data comes more risk. Organizations experience significant interruptions to business continuity when unstructured data is lost due to accidental deletion or cyberattack.

What’s worse, unstructured data is more difficult to manage, and cybersecurity tools often focus on protecting infrastructure and structured data sources.

Organizations must address their unstructured data risk.

What is unstructured data?

The term “unstructured data” refers to data that does not have a pre-defined structure, in contrast to data residing in a database, which fits into a pre-defined structure or data model.

Email, documents, media files, social media posts—all of these are forms of unstructured data. Unstructured data is everywhere.

According to Gartner, 80-90% of enterprise data is unstructured. This data is also growing three times faster than structured data, with research firm IDC predicting a growth from 33 zettabytes in 2018 to 175 zettabytes by 2025.  

Unstructured data naturally provides more context and insight, acting as a record of decisions made or strategies established.  

As such, when it is lost, corrupted, or stolen during a cyberattack, the result can be significant interruptions to business continuity and an elevated data privacy impact.

Challenges managing unstructured data

Volume and diversity of unstructured data  

Unstructured data is inherently free form, with no limit on its structure or format. Unless you open the file to review the content, a given Microsoft Word document outwardly resembles any other document.

As such, unstructured data can occupy a much greater volume of storage space, with all the storage and transfer costs this involves.

No metadata standardization

Most organizations will have a large quantity of unstructured data files with minimal or inconsistent metadata, which makes categorization, classification, and discovery much more difficult.

Without consistent metadata, organizations struggle to organize their information effectively and may encounter difficulties in implementing efficient data governance practices.  

Data privacy complexities

You cannot ensure individuals' privacy is protected unless you understand the data you possess, and unstructured data makes that task much more challenging, elevating your risk.  

Many organizations have a large amount of personally identifiable information (PII) stored in an unstructured format: think, .pdf application forms containing driver license numbers, Word files with customer information such as names and home addresses, or HR files with employee tax details. Such a situation elevates the potential impact of data privacy breaches.

Benefits of comprehensive unstructured data governance

When organizations can govern their unstructured data, they benefit in two main ways: increased resilience to cybersecurity threats and enhanced regulatory compliance.

Cybersecurity resilience

Once your organization understands its data, particularly unstructured data, you can take proactive steps to improve cybersecurity. These include removing data you no longer need to retain, managing access to what remains, and moving the truly sensitive data to more secure storage.

In achieving this, you reduce both the likelihood and the impact of a data breach. And in the event of such a breach, you can manage your response with confidence, maintaining the trust of your customers.

Regulatory compliance

Gaining understanding and governance over unstructured data allows you to comply with regulations such as the General Data Protection Regulation (GDPR) that place a strong emphasis on accountability and transparency and often require organizations to implement measures to track, audit, and report on the data they hold. Compliance here mitigates the legal and financial risk associated with non-compliance and improves your risk profile.

RecordPoint can help

It is obvious that an improved understanding and governance over unstructured data would be helpful, but without the right tools, you may struggle to put it into practice. The volume and nature of unstructured data means a manual approach will not work, but an automated solution like the RecordPoint Data Trust Platform can help.

The first step in improving data governance over your unstructured data is to establish a data inventory. This involves identifying and categorizing all data across your systems and repositories. RecordPoint’s Connectors feature allows connect to all essential business systems and file shares to bring consistency to your data management, no matter where the data lives.  

RecordPoint connects seamlessly to standardized systems with common configurations, such as Microsoft 365 applications like SharePoint, OneDrive, and Outlook, and Google Workspace, but can also accommodate unique configurations of various systems like Salesforce or Workday for example, which often differ in their usage from one organization to another.

Once you have established such a data inventory, the RecordPoint platform can identify and classify sensitive data, including PII, and assign a retention schedule so you can manage your data privacy risk. The platform can also help you identify data that can be safely removed, and help you dispose of any redundant, obsolete, and trivial data (ROT).


RecordPoint's Head of Risk Miles Ashcroft discusses why focusing on risk, rather than compliance, is essential

Respecting organizational data storage mandates

Large enterprises, particularly those in the financial sector, may have strict policies that impose restrictions on where can be stored, to comply with regulations. Such a situation makes adopting a SaaS solution like RecordPoint more complex, as the inherent flexibility of cloud-based services conflicts with rigid data storage requirements.

We understand these challenges well, as we have worked with large banks and financial institutions. Such organizations must strike a balance between harnessing the benefits of a platform like RecordPoint and ensuring adherence to data storage mandates. We have a range of infrastructure options that can be tailored to support such situations, such as making use of customers’ own remote blob storage. Speak to our team, and we can find a solution that meets your needs.

Discover Connectors

View our expanded range of available Connectors, including popular SaaS platforms, such as Salesforce, Workday, Zendesk, SAP, and many more.

Explore the platform

Find and classify all your data

Discover your data risk, and put a stop to it with RecordPoint Data Inventory.

Learn More
Share on Social Media

Assure your customers their data is safe with you

Protect your customers and your business with
the Data Trust Platform.