Security experts have admitted that many businesses are yet to fully grasp the importance of data security despite stronger regulation and a series of highly publicised breaches.

At Gartner’s IT Security Summit in Sydney on Wednesday executives from McAfee and IBM revealed that it is very evident that businesses are oblivious to the whereabouts of their sensitive data.

“There’s still not a good understanding of what data customers have and they don’t know where all their data is stored,” said Pamela Warren, from the Cybercrime and Government/Healthcare Education Initiatives at McAfee.

She said, customers don’t try to deny the fact that they don’t know where their data is and are the first to acknowledge it, but admit it’s a challenging task.

“To just get that base line understanding of where their data is and knowing that their data is constantly changing is challenging. Not only that, but the customer base is constantly changing, the employer base and who shares what information is constantly changing as well,” she said.

It’s certainly a complicated issue and is often the primary reason for a company’s lax approach, according to Dermott McCann, security executive at IBM.

“Solutions are there to fix the bulk of it, [but] in terms of the priority for most organisations the task of managing and controlling data outweighs the benefit when they realise the size of the task,” said Dermott.

The benefit may in fact outweigh the colossal task of collecting, storing and classifying data if auditors and the courts get involved.

According to Andrew Walls, privacy and risk analyst at Gartner, a court of law will require the company to identify and capture all information if a case is brought forward either by them or against them.

“Which means every Word file, every Spreadsheet and email that addresses an issue needs to be captured and freezed.

"How information moves in our ogranisations has a fundamental impact on our capability to discovery requirements today,” said Walls.