- Security TWENTY
- Women in Security
Businesses in the UK are putting the confidential information of their customers and employees at risk by not implementing data security measures despite having the highest level of awareness of their responsibilities since 2011, a UK information destruction company has warned.
New research from Shred-it suggests that despite business leaders in the UK (98 per cent of C-suite executives [C-suites] and 88 per cent of SMEs business owners [SMEs]) claiming they are aware of their legal data protection requirements, this is still not translating into action with just over half of C-suites (56 per cent) and fewer than a third of SMEs (28 per cent) carrying out frequent information security audits. Of greater concern is the fact that while 72 per cent of C-suites say they’re ‘very aware’ of the legal guidelines around storing, keeping or disposing of confidential data, only half of UK SMEs (50 per cent) say the same, an increase of just 7 per cent since the survey began in 2011, indicating that SMEs risk falling behind their C-suite counterparts.
Shred-it is calling on UK businesses to once and for all turn information security awareness into action, and is encouraging SMEs in particular, to: conduct frequent data security audits, train staff on information security procedures, and safely dispose of unwanted confidential information.
Robert Guice, Executive Vice President Shred-it EMEA, says: “While it is encouraging to see data security awareness improve among UK businesses, it is simply not enough to be aware of the risks and legal requirements associated with information security, businesses in the UK must put this into action.
“SMEs are in serious danger of damaging existing relationships with larger businesses by not putting as much emphasis on information security as their C-suite counterparts.”
According to the fifth annual Security Tracker survey, almost a third of SMEs (27 per cent) have no protocol in place for storing and disposing of confidential data, compared to just 3 per cent of C-suites. Larger companies are also striding ahead when it comes to disposal methods with over a third of C-suites (35 per cent) saying they have a locked console in the workplace for confidential information, as well as the services of a professional information destruction firm, compared to only 11 per cent of SMEs.
Impact of lost or stolen data
Despite half (50 per cent) of SMEs claiming to be ‘very aware’ that they should implement information security protocols, many SMEs were not aware of the overall impact to their business if these protocols are not put in place. Worryingly, only 10 per cent of SMEs claim that a data breach would seriously impact their organisation compared to 37 per cent of C-suites, despite the potential legal, reputational and financial repercussions. Although the average data breach costs companies£2.37 million per breach, according to figures from the Ponemon Institute, only 5 per cent of SMEs think that a security breach would result in severe financial loss compared to 23 per cent of C-suites.
Since the inception of Shred-it’s Security Tracker research in 2011, results have shown that C-suites are continuing to improve their data security practices and are turning their awareness into action, the firm suggests. There is a dramatic improvement in how often they dispose of confidential information, with 56 per cent now disposing of information every two or three months – increasing from just 17 per cent in 2014. SMEs have not seen such a drastic improvement despite being aware that they should have the right protocols in place, with 36 per cent still claiming that they do not know the perceived impact of lost or stolen data.