Businesses in the UK are putting the confidential information of their customers and employees at risk by not implementing data security measures despite having the highest level of awareness of their responsibilities since 2011, the UK’s largest information destruction company has warned today.
New research from Shred-it reveals that despite business leaders in the UK (98% of C-suite executives [C-suites] and 88% of SMEs business owners [SMEs]) claiming they are aware of their legal data protection requirements, this is still not translating into action with just over half of C-suites (56%) and fewer than a third of SMEs (28%) carrying out frequent information security audits. Of greater concern is the fact that while 72% of C-suites say they’re ‘very aware’ of the legal guidelines around storing, keeping or disposing of confidential data, only half of UK SMEs (50%) say the same, an increase of just 7% since the survey began in 2011, indicating that SMEs risk falling behind their C-suite counterparts.
Shred-it is calling on UK businesses to once and for all turn information security awareness into action, and is encouraging SMEs in particular, to: conduct frequent data security audits, train staff on information security procedures, and safely dispose of unwanted confidential information.
“While it is encouraging to see data security awareness improve among UK businesses, it is simply not enough to be aware of the risks and legal requirements associated with information security, businesses in the UK must put this into action,” warns Robert Guice, Executive Vice President Shred-it EMEA.
Guice continued, “SMEs are in serious danger of damaging existing relationships with larger businesses by not putting as much emphasis on information security as their C-suite counterparts.”
According to the fifth annual Security Tracker survey, almost a third of SMEs (27%) have no protocol in place for storing and disposing of confidential data, compared to just 3% of C-suites. Larger companies are also striding ahead when it comes to disposal methods with over a third of C-suites (35%) saying they have a locked console in the workplace for confidential information, as well as the services of a professional information destruction firm, compared to only 11% of SMEs.
SMEs failing to recognise impact of lost or stolen data
Despite half (50%) of SMEs claiming to be ‘very aware’ that they should implement information security protocols, many SMEs were not aware of the overall impact to their business if these protocols are not put in place. Worryingly, only 10% of SMEs claim that a data breach would seriously impact their organisation compared to 37% of C-suites, despite the potential legal, reputational and financial repercussions. Although the average data breach costs companies£2.37 million per breach, according to figures from the Ponemon Institute, only 5% of SMEs think that a security breach would result in severe financial loss compared to 23% of C-suites.
Data security five years on
Since the inception of Shred-it’s Security Tracker research in 2011, results have shown that C-suites are continuing to improve their data security practices and are turning their awareness into action. There is a dramatic improvement in how often they dispose of confidential information, with 56% now disposing of information every two or three months – increasing from just 17% in 2014. SMEs have not seen such a drastic improvement despite being aware that they should have the right protocols in place, with 36% still claiming that they do not know the perceived impact of lost or stolen data.
Notes to editors
About the survey:
Ipsos MORI is one of the largest and best known research companies in the UK and a key part of the Ipsos Group, a leading global research company. With a direct presence in 60 countries our clients benefit from specialist knowledge drawn from our five global practices: public affairs research, advertising testing and tracking, media evaluation, marketing research and consultancy, customer satisfaction and loyalty.
Ipsos Mori conducted a quantitative online survey of two distinct sample groups: Small business owners in UK (all of which have fewer than 100 employees), and C-suite executives working for businesses in the UK with a minimum of 250 employees.
The fieldwork was conducted between 20 April and 3 May 2015
For further information contact:
Phone: (0)20 7067 0258
Shred-it is a world-leading information security company providing information destruction services that ensure the security and integrity of our clients' private information. The company operates in 170 markets throughout 18 countries worldwide, servicing more than 400,000 global, national and local businesses. For more information, please visit www.shredit.co.uk.