The Cost of Ignoring Information Risk

By: In: Risk Management On: Dec 02, 2015

Why you need to minimise your exposure

It’s difficult to put a precise figure on information risk, but that doesn’t mean you should give it lower priority than other, more quantifiable threats. The reason is simple – the consequences of an information catastrophe can cost you millions and damage your organisation’s reputation.

The catastrophic data breach is every company’s worst nightmare. While hackers tend to hit the headlines, according to a PwC 2014 Global State of Information Security Survey, information security incidents are almost as likely to come from current employees. Government research in the UK showed that nearly a third of the worst security breaches in 2014 were caused by human error, with a further 20% due to deliberate misuse of systems by staff.

Increasing fines, damaged reputation

While fines for data breaches can be up to £500,000, these are often the least of an organisation’s worries. Reputational damage can cost far more in the long run. The London Chamber of Commerce estimates that 90% of companies who suffer a significant data loss go out of business within two years.

From paper records to social media posts and emails, the challenges show no sign of receding. What’s more, it’s not always easy to determine who should have access to what information and who shouldn’t. And there are added questions around how people should access information and from where. What happens if sensitive information is printed out and left on a bus? Or saved to a laptop that’s left in a restaurant?

Preparation is key

Despite all this, there remains a general lack of preparedness for data risk among European businesses. PwC found that only 27% have policies in place for the security, storage and disposal of confidential information. And just 26% follow up on information risk training to determine its effectiveness.

In the future, the most successful businesses will find the balance between protecting information and setting it free to fuel innovation and growth. The aim is not to lock information away, but to use it to its full advantage.

Data security is about everybody in the business doing the right thing every day. This means universal, ongoing training on policies and procedures, just like any other company-wide, business-critical aspect of operations.

In our next blog, we’ll be looking at six practical steps your business can take to minimise your exposure to information risk.

To learn how your business can reduce information risk, get our latest guide to managing information risk.


About the author

Phil Greenwood

Phil Greenwood is Country Managing Director & Commercial Director at Iron Mountain responsible for delivering information and records management solutions into the UK's largest Public, Private and NHS customers. Phil directs and runs specialist sector teams aligned to the sector-specific requirements of Iron Mountain's clients. These requirements demand innovative solutions that deliver compliance and governance as well as efficiency and cost cutting in order to transform business results and improve the way organisations use their information. Phil has over 10 years' experience working with UK and International records management. He is involved with the UK Information and Records Management Society. Phil has worked within service delivery and customer-facing roles, as well as in general management roles within the outsourcing and information management industries. Legally qualified, Phil has also spent time as a fee earner within law firms and has a strong understanding of the way that information and services drive the core business of client organisations.