One of the survey questions in the recent information risk study we undertook with PwC asked businesses to rank the information risks that they are currently concerned with. Overwhelmingly, they ranked the handling of paper documents as the single greatest threat to the protection of their information. Around two thirds of mid-sized companies regard the management of information on paper as a serious security risk, more than double the number that fear the external threats such as hacking and malware to their digital information. This and other findings are set out in this infographic. Click on the image to open a scalable version in a new browser window.
The result was surprising. Unfortunately, the survey didn’t provide much detail on why businesses ranked this risk so highly. We can only guess at some of the reasons.
Is it a resource issue?
Managing and protecting information in all formats is not easy. However, with the significant investments that many have made to track and secure their digital information, many may feel that their electronic information poses less of a threat.
The study revealed that just 15 per cent of businesses have a team focused specifically on the protection of information on paper.
A good number of businesses (39%) have monitored policies in place to guide employee behaviour in the storage and disposition of digital records. Notably fewer, (31%) have the same in place for their paper documents. Paper, may just be harder to control. As we’ve stated elsewhere on this blog, you can invest a fortune in building a fortress around your digital information, just for highly sensitive information to be walk out the door on paper.
Is it about assigning responsibility to the right people?
Most organisations think IT security should have a responsibility for information risk (73%) and many (46%) believe IT managers should be ultimately accountable. However, just 3 per cent believe that the records manager should hold some responsibility. Arguably, those best placed to mitigate the risks to paper are not assigned the responsibility to do so. Preferably, the business unit that originated the content should be more involved in its management
What else could it be?
Many businesses are managing large legacy paper archives that have grown over time and, with successive change in personnel, may have lost track of what they have and where it is. This would leading to uncertainty over retention. Perhaps, with businesses focussing on the digital transformation of their paper, the concern of paper security has been highlighted. Whatever the answer, one thing’s clear, managing paper securely is hard to do and has become a significant concern for businesses of all sizes and sectors.
For advice on how to make your office paper light visit:
Please post a comment below and let me know what you think could be contributing to this concern with the perils of paper.