Information Economics – Understanding Risk

Return on information is maximising information’s value without losing sight of the risks it poses. A 2014 report by PwC and Iron Mountain found that, on average, mid-size businesses are only half as well prepared as they should be for information risks. The top two priorities are avoiding data breach and staying compliant.

A catastrophic data breach is every company’s worst nightmare. Research shows that such incidents are just as likely to be caused by staff as a malevolent external attack. And 20% are the result of deliberate actions by employees. Regulations governing information management are on the rise, and penalties for allowing sensitive data to fall into the wrong hands can be as high as £500,000. And reputational damage can cost a lot more. This is why about 90% of businesses that suffer a significant data loss go out of business within two years.

Although 73% of businesses say the responsibility for information security should lie with the IT department, 62% admit that paper records are the biggest risk. Which is better protected in your business? The data on your hard drives, or the information in your paper records?

Amazingly, on 23% of companies have formal policies for the security of confidential information. And just 37% have a fully monitored information risk strategy in place. To succeed, information risk policies need support from senior leaders—and from a cross-functional committee with a clear agenda and purpose.

By agreeing a plan, implementing a plan and continuously measuring the effect of those changes, it’s possible to build a culture of risk awareness.

One measure that significantly reduces information risk is offsite storage, with state-of-the-art security and controlled access to your records. To find out more, read part three of the Information Economics e-Book, 'What is the Cost of Ignoring Information Risk?’