Discharging appropriate responsibility for information management within a business is critical to reducing risk and gaining competitive advantage. However, as the volume and complexity of information moving into and out of a business grows, so too does the responsibility placed on those impact charged with looking after it.
Traditionally, ultimate responsibility has been assigned to the IT function, something which nearly half (46 per cent) of all mid-market companies in Europe still do today. However, with information risk and reward now far more significant, a degree of responsibility for how information is managed needs to assigned to those at the very top of the business ‒ it needs to be a boardroom issue. Beyond senior management and the board, all employees have a key role to play in keeping information secure. Although our recent research has identified a small rise in CxOs becoming ultimately responsible for information risk(1 in 10 respondents to the PwC research), senior managers still largely think information risk is an IT concern (73 per cent of respondents).
Whilst this approach might have worked a few years ago, assigning responsibility to just one job function can in fact add to the risk, by potentially limiting the awareness and full visibility of the risks posed to the wider business. As we have suggested elsewhere on this blog, addressing information risk needs to be a shared responsibility that is led from the top. All too often, businesses build a digital fortress to protect their data only to watch information walk out the door on paper or left on a printer for anyone to see. Recent research we undertook revealed that 45 per cent of office workers have seen sensitive records left on printers or out on desks for anyone to see.
Instilling a culture of responsibility, driven by the senior management team with employees at its heart will be vital in reducing risk. Employees can be the greatest threat to information but are also your greatest asset when it comes to protecting and preserving it.
Read the findings of the PwC research here: http://www.ironmountain.co.uk/risk-management