Skip to content

The Value of Data: What Is Your Data Worth to Your Organization?

Jason Clause
Jason Clause
|
December 02, 2008

Subscribe to get updates!

Table of Contents

Cybersecurity Fundamentals Training

Endsight provides a complimentary cybersecurity training. Our goal is to bring awareness of the latest trends and best practices to help reduce cyber risk for our customers, our business community, and their families.

Register Now

The key insight to glean from Pete Heles's article is that your data is probably worth WAY more than you think. In fact, it is likely the very lifeblood driving that is your organization.

Many of Endsight's clients operate a service business. They count on the intellectual property locked in their email and business applications to meet their customers' needs. For them, data is the business.

As Heles notes, "The Department of Commerce has determined that 90% of companies which do not have access to data for more than 5 days go out of business within 1 year."

By itself, that statistic is alarming, but in the Bay Area it's further exasperated by this one:

On April 15, 2008, the San Francisco Chronicle reported that the US Geological Survey believes "A strong and deadly earthquake is virtually certain to strike on one of California's major seismic faults within the next 30 years"

I've re-posted Heles's article below and invite you to consider what kind of impact a "day without computers" might have on your business. If you find the impact as alarming as Heles does, contact us and let's talk about how we can help mitigate that risk.

What is your data worth?

This question is one that will have a unique answer to each and every entity in existence. There is no easy answer. This is obvious in the fact that this very question has been asked many times without a quantitative foundation for the answer. It is the objective of this document to assist you in better determining the value of your firm's data, how to increase its value and ensure the ongoing retention of value.

In researching this question, there are several current themes for determining the value of an organization's data. The most basic formula is the data of an organization is equal to one multiple of its annual revenue. This theory is supported by the fact that if a company's data is lost or handed over to a competitor, the firm is worthless without it. This is a rather simple formula that points out a fundamental flaw in attempting to establish a universal formula for determining the value of data: The value of data has much to do with the type of organization.

A flower shop, a paint manufacturer and a not-for-profit cannot use the same formula. Think about a dental office: new data is established on each visit and the data collected from prior visits is mostly negated. In the dentist's case, the security of the new data is far more important than the "old data" with the establishment of HIPAA Guidelines.

A flower shop has names, addresses, credit card information and transaction history. The credit card data is again important from a security risk standpoint, but to say the value of a flower shop's data is 1 times annual revenue seems to be grossly overstated, as the majority of the information can be collected from a variety of sources and the confirmation of credit card information can and should be done with each transaction.

The paint manufacturer, on the other hand, is very different. In the recent past, a specialty paint manufacturer was purchased by a sizable competing firm. Within 6 months of the acquisition, over 90% of the acquired firm's employees were terminated and all but 2 plants shut down. The data was the only thing of true value. The purchase price was 4 times annual revenue. Formulas and client data in the sole possession of the acquiring firm were deemed to have that significant value.

In today's business environment Certified Public Accountants and the Federal Government determine the value of tangible assets. Merriam Webster defines tangible as "capable of being appraised at an actual or approximate value ."

If a firm buys a list of names and addresses it is a business expense and the initial value is easily determined. That list becomes valuable data with use and definition by the firm for its profitable use. The additional data that is built along with the name that was purchased is of significant value. In theory, it is no longer an expense but becomes an asset. Only the tangibility of value is a question.

There are other considerations that must be realized in determining the value of data. A basic factor in value is the cost to maintain and collect data. What is the budget for computers, software, support, and people in the data systems group at a firm? If, in fact, that amount is treated as an expense, it must diminish the value of data by the same amount.

On the other hand, it has been determined by the management of the firm that the value of data will increase in an amount greater than the expense; otherwise, it would be a bad business decision to incur that expense. Conclusion: the data processing staff at a firm is critical to increasing the value of the firm's data. Unfortunately, the value of data is too often determined by the purchase price of the technology which is used to house the data. That is like telling someone the $1 bill in the $100,000 vault is worth a hundred thousand dollars! In 1978 when a 73mb disk drive was $38,000, was the data more valuable than today when a 300 GB disk drive is about $250? Be careful not to get caught in this determination of data value.

Issues for consideration:

  1. Is it goodwill? What is that in accounting terms?
  2. Is a patent an asset, and how is the value determined?
  3. Is data the same as intellectual property?
  4. Increasing the value of Data
  5. Protecting Data
  6. Handling, use, and availability of Data
  7. Misuse of Data
  8. Where is the Data?
  9. Role of individuals and Data
  10. Assault on Data
  11. Treating Data as an investment

The topics noted above are best answered by the key management of your firm with needed participation from both accounting professionals and lawyers. A strategy for the proper collection, use, protection, and ability to compound data and its value can be an eye-opening project that WILL increase the awareness of and value to your firm's data.

Before starting the process of determining the management of your firm's data, take a minute to answer the following questions. If an employee took (embezzled) all of your company's key client, vendor, and financial data to his new employer (a prime competitor of yours), what could the financial effect be to your firm?

If there were a fire (or other situation) that destroyed all the file servers in your data center, how long would it take for your firm to recover from this calamity?

What is the cost/loss per day to your firm if corporate data is not accessible?

What would the financial impact be to your firm if the data that was backed up could not be restored and had to be rebuilt from scratch? These numbers are actually larger than you initially estimate. The Department of Commerce has determined that 90% of companies which do not have access to data for more than 5 days go out of business within 1 year. Does this fact change the way you think about the value of your firm's data? The protection and assured availability of your company data?

A thorough Business Continuity and Disaster Recovery Plan is a key part of ensuring the "Survivability" of your company in the event of a business interruption or serious data loss. It is estimated that less than 5% of unregulated* businesses have a current and thorough Business Continuity and Disaster Recovery Plan.* (Banks, financial institutions, and publicly held firms are some of the business types that are federally required to have a BC/DR Plan.)

As a business professional, it is essential (and possibly legally required) that you protect your firm's assets. After reading this article and answering a few simple (maybe complex) questions you should have a new appreciation for the value of your firm's data and understand the need to be more proactive in the protection and assured availability of your data. Start the BC/DR Plan development process today.


Endsight adds a new award to a growing list of accolades and recognition

Throughout 2024, we're proud to announce that we won some amazing awards! These accolades continue to show our team's..

Understanding Phish Testing and Its Importance

Phish Testing: Why It’s a Must for Your Cybersecurity Strategy Phish testing and training are essential components of..

Key Insights from Our Webinar: Fixing Your Winery’s Data Problems

We Hosted a Webinar—Here’s What You Missed On October 17th, we hosted an insightful webinar titled Optimizing Your..