Friday, March 23, 2012

Data Security not a Priority - The Information Risk Maturity Index

Data breaches will continue to expose European businesses to unnecessary risk and damage business reputations unless action is taken now to improve the management and protection of sensitive business information, says a new report by Iron Mountain and PwC.

The study highlights an urgent need for a change in employee behaviour and a cultural shift among senior executives if organizations are to overcome the complacency, negligence and lack of shared responsibility it uncovered.

PwC surveyed senior managers at 600 leading European businesses to compile the Information Risk Maturity Index.

The scores, assessed for France, Germany, Hungary, the Netherlands, Spain and the UK, suggest that many businesses are woefully unprepared to address and manage information risks such as data breaches, data loss and non-compliance.

The average score for European companies was 40.6 against an ideal score of 100.

The report, launched at Iron Mountain’s first European Information Risk Summit, reveals that:
  • Only around half of mid-sized businesses consider the loss of sensitive information to be one of their top three business risks.
  • Fewer than a quarter (24 percent) of the companies surveyed knew whether they had experienced a data breach in the last three years.
  • A mere 1 percent of respondents consider information risk to be the responsibility of every employee, while nearly two thirds (60 percent) concede that they do not know whether their employees have the right tools to protect information.
  • Only 13 percent consider information risk to be a boardroom issue, while around a third (35 percent) view all information risk – whether related to paper or digital information – as the responsibility of the IT department. This tendency to view information risk as an IT issue was found to be widespread, with 59 percent responding to a data breach by installing additional technology.
  • Just a third (36 percent) of companies have assigned responsibility for information risk to a specific individual or team whose effectiveness is monitored.
Marc Duale, President of International at Iron Mountain, said the report was a wake-up call for European businesses: “It is time for businesses to move from a culture of information apathy and neglect to a culture of information responsibility. Fail to act and you expose your customers to serious information risk while potentially leaving your company open to the risk of irreparable reputational damage.”

Read the report (PDF)
