Two thirds of European mid-market firms believe marketing and customer service teams have the best skills to extract value from information, yet less than one per cent think they should be responsible for its protection. That is according to a study by audit firm PwC and the information management company, Iron Mountain.
The study points to a failure to link employee access to information and accountability. It concludes a third of companies believe IT security managers are responsible for the information’s management rather than the employees. According to the survey organisers, there is a clear need to introduce protection and accountability for sensitive and confidential data and further educate all staff to avoid high-risk situations.
Examples of high-risk behaviour staff have undertaken which put information at risk include working while travelling on public transport (35 per cent), sending work documents to a personal email account (48 per cent) and discarding documents in their waste bin (28 per cent).
Many organisations are unaware that this failure to link employee access to information and accountability represents a serious threat to the security of their information. The 2014 Information Risk Maturity Index found that the majority of firms expect the IT security manager to grant free access to marketing and customer-facing teams to help them reach new customers and markets (60 per cent) and improve customer service (80 per cent). However, in over a third of companies (39 per cent), the responsibility for information security is placed firmly at the feet of the IT security manager rather than the employees with access to the information.
Marketers are the employees most likely to send or receive work documents over a personal email account (48 per cent), at times via an insecure wireless network (12 per cent), and often discard documents in their waste bin when working away from the office (28 per cent).
Christian Toon, Head of Information Risk at Iron Mountain, said: “The 2014 Information Risk Index reveals that companies everywhere are struggling to make the most of their information while keeping it secure. Making data accessible for analysis and intelligence is essential for business growth – but the employees who use that data must know how to protect it. Our study of European office workers found that just a third of employers provided secure remote intranet access for marketing professionals working remotely. It is imperative that organisations recognise the gap between data security in the office and at home and bridge this as a matter of urgency.”
The 2014 Information Risk Maturity Index is the third annual study to measure how prepared companies are to manage and respond to information risk and address other key information trends. PwC surveyed senior managers at 600 European and 600 North American businesses with 250 to 2500 employees and a further 600 firms across both continents with up to 100,000 employees, in the legal, financial services, pharmaceutical, insurance and manufacturing and engineering sectors.
For the full report Beyond Good Intentions: The need to move from intention to action to manage information risk, visit the Iron Mountain website.
The third Information Risk Maturity Index surveyed 1,200 mid-sized businesses (250-2,500 employees) and 600 enterprise businesses (over 2,500 employees) in Canada, France, Germany, Hungary, the Netherlands, Spain, the United Kingdom, Norway and the United States.
