Iron Mountain/PwC study reveals disconnect between information insight and information risk management

Nearly two thirds (62 per cent) of European and close to half (47 per cent) of North American mid-market companies believe their marketing teams have the best skills to extract value from information, and around half (46 and 57 per cent respectively) say the same for customer service. However, less than one per cent think these teams should have a responsibility for its protection, according to a report[i] by storage and information management company Iron Mountain and PwC.

Many organisations are unaware that this failure to link employee access to information and accountability represents a serious threat to the security of their information. The 2014 Information Risk Maturity Index revealed that the majority of firms expect the IT security manager to grant free access to marketing and customer-facing teams to help them reach new customers and markets (60 per cent) and improve customer service (80 per cent). However, in over a third of companies (39 per cent), the responsibility for information security is placed firmly at the feet of the IT security manager rather than the employees with access to the information.

When it comes to the secure management and destruction of company information, the evidence suggests that marketing professionals are far more likely to engage in high-risk behaviour[ii] than other job roles. Consequently, there is a clear need to introduce protection and accountability for sensitive and confidential data, supported by appropriate guidelines and training.

Examples of high-risk behaviour include taking company sensitive information out of the office to work from home or working on confidential documents while travelling on public transport. The study found that one in three (35 per cent) marketing professionals work from home two-to-four times a week, more than any other job role reviewed, and that they are the most likely to look at business-sensitive work while commuting on public transport (35 per cent). Marketers are the employees most likely to send or receive work documents over a personal email account (48 per cent), at times via an insecure wireless network (12 per cent), and often discard documents in their waste bin when working away from the office (28 per cent).

Christian Toon, Head of Information Risk at Iron Mountain, said: “The 2014 Information Risk Index reveals that companies everywhere are struggling to make the most of their information while keeping it secure. Making data accessible for analysis and intelligence is essential for business growth – but the employees who use that data must know how to protect it. Our study of European office workers found that just a third of employers provided secure remote intranet access for marketing professionals working remotely. It is imperative that organisations recognise the gap between data security in the office and at home and bridge this as a matter of urgency.”

The 2014 Information Risk Maturity Index is the third annual study to measure how prepared companies are to manage and respond to information risk and address other key information trends. PwC surveyed senior managers at 600 European and 600 North American businesses with 250 to 2500 employees and a further 600 firms across both continents with up to 100,000 employees, in the legal, financial services, pharmaceutical, insurance and manufacturing and engineering sectors.

The full report Beyond Good Intentions: The need to move from intention to action to manage information risk, can be found here.
i The third Information Risk Maturity Index surveyed 1,200 mid-sized businesses (250-2,500 employees) and 600 enterprise businesses (over 2,500 employees) in Canada, France, Germany, Hungary, the Netherlands, Spain, the United Kingdom, Norway and the United States.

ii Research by Opinion Matters for Iron Mountain. The survey was carried out between 15/04/2013 and 01/05/2013. Sample: 5021 employed adults in the UK, France, Spain, Germany and the Netherlands.