Well-managed information has become a precious business asset.
Inevitably, as it becomes more valuable, information becomes more vulnerable. Data breaches, cyber threats and fraud are all on the rise. Such malicious threats combined with human error are exposing points of weakness in a fast-changing, complex information landscape and are putting brand reputation on the line.
Against a regulatory backdrop that is not always clear, companies are struggling to cope with the need to manage legacy archives along with the exploding volume of data generated by new technologies. As a consequence, businesses are facing unprecedented levels of information risk.
A recent report by Mountain and PwC revealed some significant differences in the way that younger and older firms perceive and address their information risk. Each side has important insight to offer the other. Things that older firms can teach younger firms:
1. Having a plan is as important as ‘getting the job done'.
Just under half (49 per cent) of younger firms – those which have operated for between two to five years – admit freely that they are much better at doing things than they are at strategic planning. Older firms on the other hand – those that have been in business for a decade or more – appear to have learned that knowing why you do something is just as important as what you do, with over half (56 per cent) having a monitored information risk strategy in place, compared to just 14 per cent of younger firms.
2. It is alright to be cautious about trusting employees with information.
Younger firms are far more trusting when it comes to their employees and their data. Just 18 per cent believe employees are a threat to information security, and only half have an employee code of conduct; while a more significant 42 per cent of older firms see employees as a threat and two thirds have an employee code of conduct in place. If caution leads to codes, guidelines and training to help employees better understand the risks and protect information then caution should be encouraged and applauded.
3. Information risk should be a boardroom issue.
Half of younger firms say the board does not see information security as a big issue, whereas the boards of the mature business are far more likely to see information risk as worthy of their attention. Senior-level support is critical if information risk is to be taken seriously.
Some interesting points that both young and old firms should pay attention to:
4. Today's complex world of hybrid information is here to stay.
Younger firms are more likely to feel comfortable managing structured and unstructured information in digital and physical formats across multiple locations (55 per cent compared to 38 per cent for older firms.) This multi-format, multi-channel data world is the new reality; there is no turning back, so you might as well embrace it.
5. Money isn't everything: the greatest victim of a data breach could be your reputation.
All firms agree that the impact of a data breach will touch customer loyalty (58 per cent for both) and brand reputation (52 per cent for both), but older firms are nearly twice as likely to be concerned about financial and legal consequences.
Information risk touches us all. Just as firms hold their employees' and suppliers' data, not to mention their own precious knowledge and intellectual property, many also hold personal information about us as the consumers of their products and services. This information needs and deserves to be protected.
Marc Duale is president international at Iron Mountain
Beyond awareness: the growing urgency for data management in the European mid-market, PwC for Iron Mountain. PwC surveyed senior managers at 600 leading European businesses with 250 to 2500 employees in the legal, financial services, pharmaceutical, insurance and manufacturing and engineering sectors. The results were assessed for France, Germany, Hungary, the Netherlands and Spain.