PwC and Iron Mountain: the 2014 mid-market information risk index

By: In: Information Risk On: Jun 12, 2014
PwC and Iron Mountain: the 2014 mid-market information risk index

Can businesses manage information risk and capitalise on the value of their information? Iron Mountain in conjunction with PwC has just published the figures for the third annual Information Risk Maturity Index. This year, the mid-market report involves 1,800 organisations located in Europe and, for the first time, North America. The report’s conclusions were surprising:

  • Size and location don’t matter.
    Companies in all sectors and geographies are struggling to manage information risk. As the variety, volume and velocity of information increases, so does the potential for risk.
  • Information has value, but. . .
    Companies recognise the opportunity in their information but struggle to find and use it to add value. Only around a quarter of the companies surveyed use information to increase their speed to market, and even fewer use information to boost service development cycles. Read our press release on this topic.
  • Information risk is largely an IT-only issue.
    Very few organisations distribute the responsibility for information throughout the business to include all employees who create and use it to do their jobs.
  • The infosec challenge on paper.
    For most of the organisations surveyed, the biggest information risk they face is not cyber threats or malware, but their paper-based information. The majority of businesses (62% in the mid-market and 58% of companies with more than 2500 employees) ranked paper records as the greatest threat to their information security.

Read the full report




← Gary Blakeley tells the First World War story of Private James McCarthy How to make a strong start with retention management →

Leave A Comment

About the author

Christian Toon

Christian Toon is a former Iron Mountain employee who now works closely with our business within his new role: Senior Cyber Security Expert at PwC UK. Christian's thought leadership in this space is well-acknowledged across the industry. Christian has obtained numerous industry specific and recognised qualifications, he is a qualified Prince2 Practitioner and ISO IEC 27001:2005 Lead Auditor as well as holding auditing qualifications with ISO 9001, ISO 18001 and 14001. Christian has also completed all the Information Assurance Levels from the National School of Government. Christian's application to the Institute of Information Security Professionals (IISP) is currently under review along with a potential application to further his development with an Masters in Information Security.