A second annual pan-European Information Risk Maturity Index showed businesses have grown more aware of the threat posed by information risk, but few have strategies in place should a data breach occur.
Since last year’s first ever Information Risk Maturity Index, European businesses have grown more aware of the threat posed by information risk. However, the 2013 Index shows that Europe’s mid-sized firms are ill-equipped to navigate an increasingly complex information landscape defined by expanding volumes of information in multiple formats; a rising and more sophisticated level of malicious threats; and a growing requirement to manage information as a vital business asset.
The average number of data breaches is now growing at a rate of 50 per cent a year. Yet despite this increasing threat, the 2013 Risk Maturity Index shows that less than half of businesses (45 per cent) have an information risk strategy in place and measure its effectiveness, and 38 per cent have a plan but do not know whether it works or not.
Inconsistency is everywhere, says the report: 68 per cent of businesses recognise that a responsible attitude to information is critical to success, and 44 per cent expect the risk of a data breach to increase. This, however, does not translate into action: 47 per cent say their Board does not see data protection as a big issue; 43 per cent say the same for employees; while 60 per cent believe reducing costs is more important than reducing exposure to risk.
Some appear to have decided there is nothing they can do anyway. More than half (54 per cent) say that the pace of change in information risk is so staggering that they will never keep up with it, and 41 per cent see data loss as an inevitable part of daily business.
Marc Duale, President of Iron Mountain International, said: “A year ago, our assessment of the readiness of European firms to cope with information risk revealed a landscape of complacency and carelessness that was putting firms at an unacceptable risk of data breaches. The report card for 2013 clearly states ‘some progress, but must do better’. In today’s hybrid paper-digital information world, firms risk drowning in a sea of complexity and confusion unless they take charge of their information. A responsible approach to information is vital if businesses want to realise the benefits of this important business asset. Such an approach is critical if businesses are to deserve and preserve their hard-won brand reputation and customer loyalty.”
To compile Europe’s 2013 Information Risk Maturity Index, PwC surveyed senior managers at 600 leading European businesses with between 250 and 2,500 employees, in the legal, financial services, pharmaceutical, insurance, and manufacturing and engineering sectors. The results, assessed for France, Germany, Hungary, the Netherlands, Spain and the UK, show that the average score for European companies in 2013 has increased to 56.8 against a target score of 100, compared to 40.6 in 2012.
The Index is based on a set of measures that, if put in place and frequently monitored, will help protect the digital and paper information held by an organisation. The index represents a balanced approach to preventing information risk, including strategy, people, communications and security measures.
PwC Risk assurance partner Claire Reid says: “Businesses must embrace a new way of thinking in which information security is both a means to protect data and an opportunity to create value for the business. The 2013 Index suggests many firms still have a long way to go.”
A summary of the report, Beyond Awareness: the Growing Urgency for Data Management in the European Mid-market, can be found at www.ironmountain.co.uk/risk-management
All data for ‘UK and elsewhere in Europe’, taken from 2013 Information Security Breaches Survey, PwC for Department of Business Innovation and Skills, April 2013.