More than half of European mid-sized firms would refuse to do business with a company that had suffered a data breach, despite the fact that 41 per cent believe data loss is just an inevitable part of daily business, according to a new report.
The ‘2013 Information Risk Maturity Index’, released by storage and information management company Iron Mountain and PwC, shows that, even as European companies are experiencing a 50 per cent per year increase in data breaches, their approach to information management is defined by confusion. While 68 per cent of companies recognise that a responsible attitude to information is critical to business success, 47 per cent say their Board does not see data protection as a big issue.
The majority of businesses deem cutting costs more important than reducing exposure to information risk. Not even half have an information risk strategy in place. Indeed, most mid-cap businesses say the pace of change in information risk is so staggering that they will never keep up with it.
Christian Toon, risk and security at Iron Mountain said that, tricky as it is, adopting a responsible approach to information management is critical. There is a growing gap between attitude and action at a time of increasing complexity and rising threats to information security. Businesses are unsure what to do or where to turn. It is critical that they adopt a responsible approach to information management, not just to deserve and preserve their brand reputation and customer loyalty, but to ensure that other firms will want to keep doing business with them.
PwC surveyed senior managers at 600 European businesses with 250 to 2,500 employees in the legal, financial services, pharmaceutical, insurance and manufacturing and engineering sectors.
In 2012, the UK held the position of Europe’s worst performer in managing information risk. In 2013, it has moved up the rankings, overtaking Spain and France to fourth best performer, just behind Germany. However, the UK mid-market continues to struggle with the communications and strategic elements required to be fully equipped for information risk. There’s still a long way to go, warns Claire Reid, PwC risk assurance partner.
“Too many European companies continue to undervalue their information assets and overestimate their ability to protect them. This is no longer a lack of awareness; it’s a lack of action. Information underpins market position and customer confidence, and any kind of information loss can deliver catastrophic reputational damage.
As information breaches increase at a spectacular pace, European companies need to understand that failing to take action to safeguard information means they will almost certainly become a victim.