New study finds that while companies broadly recognize that personal user data must be protected, more than half don’t have sufficient anti-scraping strategies in place.
Study also reveals best practices for more effectively protecting consumer data and preventing harmful data extraction in the wake of global data-scraping scandals.

• 87% of experts stated that user data scraping prevention is important or very important relative to other security issues.
• 89% have had user data scraped, but only 42% of respondents have a dedicated strategy to deal with data scraping.
• 64% of respondents rely on external service providers to support their anti-scraping efforts.

NEW YORK (December 12, 2022)—Leading B2B market research company NewtonX today launches the results of its Data Extraction Prevention Best Practices Study exploring the current state of consumer data protection and anti-scraping efforts. Data scraping, which describes an automated way of accessing and extracting data, places users’ privacy at risk and subsequently increases the liability and reputational risk for the companies who hold such data. Recognizing that data is the core driving force behind our global digital economy, NewtonX surveyed more than 1,300 professionals specializing in data protection across industries to not only better understand the policies companies are using to prevent harmful data extraction, but to get a firm handle on best practices as well.

Designed to equip data, privacy, compliance and IT security professionals with the knowledge they need to better safeguard customer and/or consumer data, the study demonstrates that when buy-in is secured from key stakeholders and proper procedures are employed, a company can prevent harmful data scraping. Notably, while most recognize the importance of data protection, more than half of companies (58%) do not currently have data protection strategies in place.

“Given that there have been several high-profile cases where scraping has harmed user privacy and simultaneously damaged the reputations of companies in recent years, it’s never been more important for companies to learn how to effectively handle data scraping,” said Patiwat Panurach, VP of Strategic Insights & Analytics at NewtonX. “While internet platforms must remain open in order to be useful, that openness poses a risk to users and companies alike that their data can be automatically extracted for malicious purposes. Our hope is that this study, its findings and its best practices not only stimulate conversation around this increasingly critical issue, but that it will also foster a community where anti-scraping learnings can be exchanged in the months and years to come.”

As part of its research, NewtonX found that nearly nine in 10 (87%) experts believe that user data scraping prevention is important or very important relative to other security issues, and roughly the same percentage (89%) have had their users’ data scraped. However, only 42% of respondents have a dedicated strategy to deal with data scraping. NewtonX also found that anti-data scraping awareness and efforts are varied, with some disagreeing over to what extent user data must be protected. To that end, some organizations have dedicated strategies and resources around data scraping prevention, while others do not perceive data scraping as negatively impactful or as a priority, further suggesting that there’s significant room for improvement.

Not only does data scraping happen without most users’ awareness, but it often has an invisible direct impact to users themselves—meaning data scraping misuse can go unnoticed. Fortunately, prevention measures are available and rarely create friction for users themselves. To that end, NewtonX advises that companies:

• Map their organization’s data. Classify data types, determine where it resides and grade its sensitivity.
• Determine data access requirements and exposure.
• Grasp the impact. Review traffic data, look externally at how other organizations are impacted by scraping and quantify.
• Secure internal buy-in. Use the quantified impact to raise awareness with senior leadership and gain sponsorship to build.
• Establish stakeholder responsibilities across departments.
• Determine gaps in internal teams and gather external experts.
• Establish detection methods.
• Determine the level of acceptable risk and map your techniques accordingly.
• Establish protocol to review incidents and improve.
• Document procedures and policies and share them with all internal stakeholders from the outset.
• Connect with peers to knowledge-share around best practices.