Connect with us



risk management

For third year running, UK firms less prepared for information risk than European average

According to the latest Information Risk Maturity Index from Iron Mountain and PwC, firms in the UK have fallen behind their European counterparts when it comes to managing and responding to information risk.

Despite a string of high-profile data breaches and upcoming reforms to data protection legislation coming out of the European Parliament, the results from the 2014 Index show UK mid-market firms score 55.9 out of an ideal score of 100, five points below the leading European country Hungary which had a score of 60.2. This is only marginally better than the UK’s 2013 score of 55.4, illustrating the plateau that businesses appear to have reached and the difficulty many now face in becoming fully equipped for risk.

The annual index measures how prepared companies are to address key information trends against a target of 100. For the third year running, UK mid-market firms have fallen short of achieving the European average set by the Netherlands, Hungary, Germany, UK, France and Spain.

Phil Greenwood, Commercial Director at Iron Mountain, said: “UK firms have some way to go if they are to catch up with their European counterparts. For the third year running they have failed to match the average European score. It is critical that companies address this if they are to adopt a responsible-yet-proactive approach to information risk and value, not just to protect the business, but to help it thrive.”

Based on the findings of the Information Risk Maturity Index, Iron Mountain has identified a set of steps and actions to help businesses improve their data security:

  • Step 1: Make information risk a boardroom issue– ensure that it is a permanent point on the Board’s agenda, that there is a senior individual on the Board responsible for it, and that it is embedded into how the Board monitors overall corporate performance.
  • Step 2: Change the workplace culture– design and deliver information security awareness programmes, have the right guidance available for every person at every level, and reward and reinforce good behaviours throughout the organisation, from the most junior to the most senior employee.
  • Step 3: Put the right policies and processes in place– and ensure these cover all information formats (electronic, paper or media). Also, define any vulnerabilities relating to manual information handling, establish whistle blowing protocols, and review and test all systems and processes on a regular basis.

A summary of the report, Beyond Good Intentions: The need to move from intention to action to manage information risk, can be found at

Editorial & Advertiser disclosure
Our website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.
Global Banking and Finance Review Awards Nominations 2021
2021 Awards now open. Click Here to Nominate


Newsletters with Secrets & Analysis. Subscribe Now