Half of small firms in the UK still believe that the loss or theft of data from their organisation would have no impact on their business, according to new independent research commissioned by Shred-it, a UK document destruction company.
The survey among 1,000 UK businesses, undertaken by IPSOS, found that more than two thirds of UK SMEs (68 per cent) either never train their employees on company information security procedures and protocols (30 per cent), or do so only on an ad hoc basis (38 per cent).
This news comes despite last year’s enhancement of the powers of the Information Commissioner’s Office (ICO) to fine organisations up to £500,000 for serious breaches of the Data Protection Act. A mere 4 per cent of companies reported actively changing their information management procedures as a consequence of the changes, while 58 per cent of businesses conceded that they were not even aware of the enhanced powers.
Robert Guice, Executive Vice President, EMEA, Shred-it, said: “Ignorance is no defence in the eyes of the law and UK businesses need to wake up quickly to the fact that failures to store and dispose of confidential information in a secure manner could have far-reaching and potentially financially damaging impacts upon their operations.
“As a company owner or manager, understanding your legal obligations in view of the Data Protection Act, and developing policies and procedures to comply with them in a consistent and reliable manner is absolutely essential.”
Meanwhile, just half (48 per cent) of firms polled were able to confirm that they had undertaken a review of their secure document destruction processes during the last 12 months and, remarkably, a further 37 per cent conceded that they had either never reviewed these processes (21 per cent) or did not know when or if a review had been undertaken.
The Chief Executive of the Forum of Private Business, Phil Orford said, “It’s time companies got wise to the seriousness of data theft and the importance of protecting their information. Quite apart from the implications for the commercial viability of a business, failing to secure data properly could lead to a potentially huge fine.
“It might be tempting to push issues like this under the carpet but that would be a grave mistake – and there is support, advice and guidance available to make sure you are fully secure and protected. Use it.”
The survey also highlights that over a fifth (22 per cent) of firms classify themselves as either ‘not at all aware’ or ‘not very aware’ of their legal responsibility to keep secure confidential information relating to staff and customers.
Robert Guice added, “Information security issues should undoubtedly be championed in company Boardrooms across the UK – as the financial and reputation damage a security breach could inflict upon any business is enormous.
“Company owners need to act on their instinct to look for advice, whether that’s via business advisory services, their in-house facilities manager, or indeed their recycling or secure document destruction supplier.”
The report also reveals:
* The issue of information security, and how to manage it, is not typically being managed at Boardroom level, with only 14 per cent of companies asserting it as a discussion topic among C-level decision makers.
* Company owners say they would most likely turn to general business advisory services, such as those provided in the UK by the Forum of Private Business, for practical support on how to tackle these issues (37 per cent), compared with a Government Department (27 per cent) and the ICO (19 per cent).