A qualitative study of data security & data privacy challenges faced by listed companies in Sri Lanka

Abstract

This is a data-driven world and surprisingly data has become the new commodity of the age. Similar to oil in the 18th century, data is a tremendously untapped valuable resource in the modern digital age. Digital protection is becoming just as crucial as physical protection. Since security, privacy and data are all interrelated, it needs more security and privacy to ensure the safety of its stakeholders both online and offline. Protecting the data, from internal and external corruption and unauthorized access is challenging. Accordingly, this qualitative study targets to address this need for data protection and data confidentiality by identifying the data security & data privacy threats faced by listed companies in Sri Lanka. This study intended to specifically address three questions 1. What are the data security and privacy concerns which are likely to be faced in practice? 2. What are the possible effects of cyber threats? 3. How do Information and Cyber Security infrastructures fight against these invisible enemies on the digital battlefield? Data for this study has been collected through in-depth interviews with 11 IT professionals using a semi-structured interview guide. Thematic analysis has drawn 3 themes that are directed to identify 20 data security and privacy concerns. Sri Lankan companies are encountering an increasing number of data breaches, Ransomware attacks, phishing scams, viruses, and other threats as a growing remote workforce has posed additional challenges to the safety of confidential information where Data Privacy is also being affected simultaneously.