Whose risk is it anyway? – nurturing a culture of shared responsibility

By: In: Corporate Information Responsibility On: Oct 28, 2014
Whose risk is it anyway? – nurturing a culture of shared responsibility

Discharging appropriate responsibility for information management within a business is critical to reducing risk and gaining competitive advantage. However, as the volume and complexity of information moving into and out of a business grows, so too does the responsibility placed on those impact charged with looking after it.

Traditionally, ultimate responsibility has been assigned to the IT function, something which nearly half (46 per cent) of all mid-market companies in Europe still do today.  However, with information risk and reward now far more significant, a degree of responsibility for how information is managed needs to assigned to those at the very top of the business ‒ it needs to be a boardroom issue. Beyond senior management and the board, all employees have a key role to play in keeping information secure. Although our recent research has identified a small rise in CxOs becoming ultimately responsible for information risk(1 in 10 respondents to the PwC research), senior managers still largely think information risk is an IT concern (73 per cent of respondents).

Whilst this approach might have worked a few years ago, assigning responsibility to just one job function can in fact add to the risk, by potentially limiting the awareness and full visibility of the risks posed to the wider business. As we have suggested elsewhere on this blog, addressing information risk needs to be a shared responsibility that is led from the top. All too often, businesses build a digital fortress to protect their data only to watch information walk out the door on paper or left on a printer for anyone to see. Recent research we undertook revealed that 45 per cent of office workers have seen sensitive records left on printers or out on desks for anyone to see.

Instilling a culture of responsibility, driven by the senior management team with employees at its heart will be vital in reducing risk. Employees can be the greatest threat to information but are also your greatest asset when it comes to protecting and preserving it.

Read the findings of the PwC research here: http://www.ironmountain.co.uk/risk-management


← Five ways to make and keep records management a top priority Information at Risk: expert insight in Belfast →

Leave A Comment

About the author

Phil Greenwood

Phil Greenwood is Country Managing Director & Commercial Director at Iron Mountain responsible for delivering information and records management solutions into the UK's largest Public, Private and NHS customers. Phil directs and runs specialist sector teams aligned to the sector specific requirements of Iron Mountain's clients. These requirements demand innovative solutions that deliver compliance and governance as well as efficiency and cost cutting in order to transform business results and improve the way organisations use their information. Phil has over 10 years' experience working with UK and International records management. He is involved with the UK Information and Records Management Society. Phil has worked within service delivery and customer facing roles, as well as in general management roles within the outsourcing and information management industries. Legally qualified, Phil has also spent time as a fee earner within law firms and has a strong understanding of the way that information and services drive the core business of client organisations.