Emerging trends in information management: closing the gap between risk and value

By: In: Information Risk On: Sep 19, 2014
Emerging trends in information management: closing the gap between risk and value

The way businesses manage their information is changing. For a long time, the focus has been on securing information, keeping it safe from external and internal threats. That’s not to say that businesses always got it right – many a newspaper headline bears testimony to information security shortcomings in organisations of all kinds.

Today, businesses are talking increasingly about harnessing the value of their information. Our research with PwC showed that three quarters of businesses are now treating their information as an asset. Moreover, a third of all businesses with more than 250 employees are employing data analysts, and if they’re not then many (over 40%) are planning to do so. This does not mean, however, that companies are not prioritising measures to keep their information safe. And rightly so ‒ after all, a valuable asset must protected.


As this excerpt from the PwC mid-market ( firms from 250 to 2,500 employees) research demonstrates, avoiding a data breach and non-compliance with information legislation are front of mind for business when they think about information risk. Both could, of course, have severe consequences in terms of fines, reputational damage and customer relationships. And while the use of information to drive innovation may not be so highly prioritised, we see that improving customer service and gaining customer insight are of equal importance to the mid-market.

Information evolution

This change in how companies manage their information is unsurprising. Sophisticated technologies have afforded businesses the opportunity to collect an ever-growing volume of customer data that can help build complex profiles and identify patterns of behaviour and shifting trends. Every movement of the mouse, every click on a link and every content download or product purchase is valuable to understanding buyer behaviour.

Hardly surprising then that many organisations turn to the roles closest to the customer to deliver this insight. Our research with PwC revealed that nearly two-thirds of European and just under half of North American mid-market firms believe their marketing teams have the best skills to extract insight from information, and close to half (46 and 57 per cent respectively) say the same for their customer service teams.

Assigning information responsibility

But here many businesses may be missing an important step. Less than one per cent of businesses think these teams should have a responsibility for protecting the information – overwhelmingly businesses see the information responsibility as an IT-issue. And this, potentially, is a conflict between information access and information security. Making data accessible for analysis and intelligence is essential for business growth – but the employees who access and exploit that data must also know how to protect it.

Understanding risky behaviour

A study we undertook of European office workers found that marketing professionals are far more likely to engage in high-risk behaviour than other job roles when it comes to the secure management and destruction of company information.

Examples of high-risk behaviour would include:

  • Taking company sensitive information out of the office to work from home
  • Working on confidential documents while travelling on public transport
  • Not destroying documents securely

Our study found that one in three (35 per cent) marketing professionals work from home two-to-four times a week, more than any other job role reviewed, and that they are the most likely to look at business-sensitive work while commuting on public transport (35 per cent).

Marketers are the most likely to send or receive work documents over a personal email account (48 per cent), at times via an insecure wireless network (12 per cent), and seem happy to discard documents in their waste bin when working away from the office (28 per cent). Currently, only a third of employers provide secure remote intranet access for marketing professionals working remotely.

It is imperative that organisations recognise the gap between data security in the office and at home and bridge this as a matter of urgency. There is a clear need to introduce protection and accountability for sensitive and confidential data, supported by appropriate guidelines and training. Information is an asset, but only if that asset is managed and defended properly.

The PwC report for both the mid-market and businesses with more than 2,500 employees are both available now: download the latest report from here (requires registration).




← Are businesses evolving to keep pace with information management? The people perspective INFOGRAPHIC: Businesses struggle to use information for competitive advantage →

Leave A Comment

About the author

Christian Toon

Christian Toon is a former Iron Mountain employee who now works closely with our business within his new role: Senior Cyber Security Expert at PwC UK. Christian's thought leadership in this space is well-acknowledged across the industry. Christian has obtained numerous industry specific and recognised qualifications, he is a qualified Prince2 Practitioner and ISO IEC 27001:2005 Lead Auditor as well as holding auditing qualifications with ISO 9001, ISO 18001 and 14001. Christian has also completed all the Information Assurance Levels from the National School of Government. Christian's application to the Institute of Information Security Professionals (IISP) is currently under review along with a potential application to further his development with an Masters in Information Security.