Managing information risk – European business must do better


European companies are improving when it comes to managing information risk, but they must do even better.PWC and Iron Mountain have published their 2013 Risk Maturity Index, exploring attitudes to information risk and examples of best practice in mid-sized businesses in six countries in Europe (France, Germany, Hungary, Netherlands, Spain and UK*).  Their findings suggest there has been some improvement in attitudes to information risk, but that there is still a long way to go.  Middle sized (250-2,500 employees) European companies are ‘ill equipped' to navigate the complex information landscape.Key findings of the study

  • Awareness of the importance of information risk management is growing
  • The average number of data breaches is growing 50% per year
  • 36% of companies are keeping all of their data ‘just in case'
  • Only 45% of companies have an information risk strategy
  • 42% of those surveyed are worried about the security of their company's stored data
  • Only 25% consider their employees to be a serious threat to information security
  • 45% do not monitor employee social media use
National differencesCompanies in the Netherlands performed better than in any other country.  They were more likely to have strategies and plans in place to deal with BYOD and minor data ‘mishaps'. They were also much more likely to have a corporate risk register.  Alongside companies in France, Dutch businesses were most likely to treat information risk at board level.Hungary takes second place in the Risk Maturity Index.  Over the last 12 months, businesses have focused on raising employees' awareness of information risk issues and providing relevant training.Spanish companies lag behind those in other countries and are least likely to provide guidelines to employees or to have key security measures in place.Best practice
  •  Information management and risk must be a board level issue
  • Information audits - identify what you have, where it is stored and how it is classified
  • Operate a policy of ‘controlled trust'
*600 senior managers were interviewed in mid-sized businesses in the six countries.The White Paper is free to download from Iron Mountain.[Follow Val Skelton on Google+]