European companies would not want to work with another firm that had suffered a data breach.
According to research of 600 medium-sized businesses by Iron Mountain and PwC, 58 per cent of respondents said that they would refuse to do business with a company that had suffered a data breach, despite the fact that 41 per cent believe data loss is just an inevitable part of daily business.
Speaking to SC Magazine, Christian Toon, head of information risk for Europe at Iron Mountain, said that often businesses will see the headlines and the impact of a data breach.
Claire Reid, risk assurance partner at PwC, said: “The problem for medium-sized businesses is that a £500,000 fine can be a lot and it may take them out of business. Something will happen very soon and it could cost organisations too much to take any action.”
The report also found that while 68 per cent of companies recognise that a responsible attitude to information is critical to business success, 47 per cent say their board does not see data protection as a big issue.
Toon said that a good job is done generally in stressing the importance of data protection, and the culture of the organisation is buying into that, but often there is complacency at the top and an overall cultural change is needed.
“The use of coasters, mugs and posters will change and employees need to know what happens and management need to know what to do to change behaviours and put things in place,” Reid said.
In addition, while 44 per cent expect the risk of a data breach to increase, 60 per cent believe that cutting costs is more important than reducing exposure to information risk. Also, fewer than half (45 per cent) have an information risk strategy in place and measure its effectiveness, and 38 per cent have a plan but do not know whether it works or not.
Toon said that the point of the research was to look into areas that he felt were not researched enough, as information risk management is often not considered as a broader security trend as people do not know what it actually means or how it impacts them.
“It is about having a strategy and going beyond the four walls of the network so a company can monitor the effects and protect their crown jewels,” he said.
“Know what you have and protect it.”