Organisations understand that information has value but are more concerned with defending their information against data breaches or legal action than they are with using it to drive competitive advantage and growth. That is according to a new report by storage and information management company Iron Mountain
Their 2014 Information Risk Maturity Index explores how mid-market and enterprise-level businesses in Europe and North America protect their information and use it for business benefit. More than four in five companies surveyed in the UK (83 per cent) regard information as a business asset, yet on average just 35 per cent employ data analysts to extract value from their information. Companies acknowledge that information has helped them to improve their decision-making, understand their customers better or drive revenue, but its potential in other key areas remains under-exploited.
Fewer than two thirds of UK firms (64 per cent) are using information to enhance product or service innovation. One in five (18 per cent) use information to increase their speed to market, while just over one in ten (12 per cent) say that information has boosted product or service development cycles. When asked to rank their information management priorities, the majority of UK firms (88 per cent) opted for avoiding a data breach and avoiding legal action, or a fine for non- compliance (84 per cent). The 2014 Index is the third annual study to measure how prepared companies are to manage and respond to information risk and address other key information trends. Whereas in previous years the research focused on European mid-market businesses, this year the research expanded to cover mid-market and enterprise-level businesses in both Europe and North America.
The study found a correlation between firms who are well equipped to manage information risk and those who can extract value from their information. The results are broadly, and sometimes surprisingly, consistent across mid-market and enterprise firms, across both continents and across the six business sectors surveyed. Unlocking the value of information appears to be a challenge for all.
Christian Toon, pictured, head of information risk at Iron Mountain, said: “While most firms claim to understand the value of information, they are not using their information to speed the development and launch of better products and services, faster, to more customers, in more markets. No organisation would willingly turn down such an opportunity for competitive advantage, which suggests that the problem lies in not knowing how to achieve it. It is critical that companies get to grips with this, and adopt a responsible-yet-proactive approach to information risk and value, not just to protect the business, but to let it thrive.”
PwC surveyed senior managers at 600 European and 600 North American businesses with 250 to 2,500 employees and a further 600 firms across both continents with up to 100,000 employees, in the legal, financial services, pharmaceutical, energy, insurance and manufacturing and engineering sectors. The results suggest that the average Information Risk Maturity Index score for European companies in 2014 is 56.1 in the mid market (down from 56.8 in 2013) and 66.3 for enterprise, set against a score of 100. Mid market firms in the UK fell below the European average in 2014, receiving an average index score of 55.9. For North America, the Index scores are 54.5 (mid market firms) and 65.6 (enterprise).
Claire Reid, PwC Risk Assurance partner says: “Businesses face the same problems everywhere. They operate in an information landscape that is defined by the increasing volume, variety and velocity of information moving through the business, and by a wide range of risks. At the same time, there is a growing expectation that businesses should exploit information to create value. Too many companies believe they understand the risks and value of information, but are frustratingly passive about doing anything about it. Your information may be the greatest business asset you have. Your customers have entrusted you with their most personal data – you cannot afford to allow information risk management to be a mere tick-box exercise.”
A summary of the report, Beyond Good Intentions: The need to move from intention to action to manage information risk, can be found at www.ironmountain.co.uk/risk-management.
