Why you need to minimise your exposure
It’s difficult to put a precise figure on information risk, but that doesn’t mean you should give it lower priority than other, more quantifiable threats. The reason is simple – the consequences of an information catastrophe can cost you millions and damage your organisation’s reputation.
The catastrophic data breach is every company’s worst nightmare. While hackers tend to hit the headlines, according to PwC’s 2014 Global State of Information Security Survey, information security incidents are almost as likely to come from current employees. Government research in the UK showed that nearly a third of the worst security breaches in 2014 were caused by human error, with a further 20% due to deliberate misuse of systems by staff.
Increasing fines, damaged reputation
While fines for data breaches can be up to £500,000, these are often the least of an organisation’s worries. Reputational damage can cost far more in the long run. The London Chamber of Commerce estimates that 90% of companies who suffer a significant data loss go out of business within two years.
From paper records to social media posts and emails, the challenges show no sign of receding. What’s more, it’s not always easy to determine who should have access to what information and who shouldn’t. And there are added questions around how people should access information and from where. What happens if sensitive information is printed out and left on a bus? Or saved to a laptop that’s left in a restaurant?
Preparation is key
Despite all this, there remains a general lack of preparedness for data risk among European businesses. PwC found that only 27% have policies in place for the security, storage and disposal of confidential information. And just 26% follow up on information risk training to determine its effectiveness.
In the future, the most successful businesses will find the balance between protecting information and setting it free to fuel innovation and growth. The aim is not to lock information away, but to use it to its full advantage.
Data security is about everybody in the business doing the right thing every day. This means universal, ongoing training on policies and procedures, just like any other company-wide, business-critical aspect of operations.
In our next blog, we’ll be looking at six practical steps your business can take to minimise your exposure to information risk.
To learn how your business can reduce information risk, get our latest guide to managing information risk.