Risk Management Research - Iron Mountain

IRON MOUNTAIN
BEYOND CYBER THREATS 2012
PWC AND IRON MOUNTAIN CREATE EUROPE'S FIRST RISK MATURITY INDEX

European mid-sized businesses are failing to protect information assets

[Graphic: index score 40.6 out of 100. Labels: Strategy, People, Communications, Security, "Current maturity of the mid market", "Excellence"]

Across 600 European businesses performance was poor, with an average index score of only 40.6, out of a maximum score of 100. A score of anything less than 50 is bad news for companies, their customers and their collective peace of mind.

Only 50% of mid-market businesses cited information risks as one of their top three overall business risks.

Just 36% of mid-market businesses have a specific individual or team with responsibility for information risk, and whose effectiveness is monitored.

59% 60% 26%: of businesses unsure whether their employees had the necessary tools to protect information; of businesses reacted to data loss by investing in IT and Technology; of businesses not conducting personnel background checks.

[Graphic labels: IT, Technology, People, "biggest threat!"]

"Business leaders ignore information security risk at their peril. Historically, business leaders have tended to regard information security as a technology issue... this is a complete misconception and needs to change."
Richard Sykes - PwC Governance and Risk Compliance Leader

This report is a wake-up call to mid-sized businesses. The risks they face are extensive, with the potential to make the difference between success and failure.

What were the main impacts on your business arising from lost or misplaced information?

Professional liability / exposure: 54%
Reputational impacts: 48%
Financial impact / loss of business: 33%
Regulatory sanctions / penalties: 25%
Don't know: 6%

Who is ultimately responsible for information risk within your organisation?

IT Security Manager: 35
Chief Information Officer: 22
CEO, CFO / MD: 13
Information Security Officer: 9
Other roles charted: Compliance Manager, Specific Risk Information Manager, Office Manager, Business Unit Leader, Everyone

Only 1% of mid-sized businesses see information risk as being the responsibility of everyone in the organisation.

Only 13% see this as a boardroom issue and have assigned the overall responsibility for information risk matters to the CEO or CFO. Over a third (35%) see information risk as an IT issue. The legal and insurance sectors are more likely to take an IT-led approach, with financial and manufacturing leading the way with a more holistic approach to avoiding data loss.

Legal and insurance sectors are most likely to adopt the IT-led approach. Financial and manufacturing lead the way with a more holistic approach to information management.

8 employee-related issues that can lead to data loss

1. Lack of awareness or lack of understanding of the organisation's data protection policies, data loss risks and their implications.
2. Lack of training in the use of data management systems, leading to data being mistakenly deleted or misplaced unknowingly.
3. Negligence on the part of the employee - talking too loudly on the train, leaving confidential files in the bar on a Friday evening, leaving confidential papers on a desk overnight.
4. Employee complacency - an 'it will never happen to me' attitude, leading to carelessness and a lack of diligence, such as 'forgetting' to encrypt sensitive emails and not locking confidential files away.
5. Misplaced curiosity leading to data loss mishaps or deletion of data.
6. Leavers preparing to exit the organisation and taking data that may be 'useful' in their new position.
7. Disgruntled and disengaged employees who feel their employer 'owes them'. Such feelings may emanate from unfulfilled promotion ambitions, pay freezes or perceived lack of appreciation.
8. Malicious insider attacks from employees seeking to make profit from company data or wishing to cause damage.

Steps and actions to help protect paper and digital information

Step 1: Make information risk a boardroom issue - ensure that it is a permanent point on the Board's agenda, that there is a senior individual on the Board responsible for it, and that it is embedded into how the Board monitors overall corporate performance.

Step 2: Change the workplace culture - design and deliver information security awareness programmes, have the right guidance available for every person at every level, and reward and reinforce good behaviours throughout the organisation, from the most junior to the most senior employee.

Step 3: Put the right policies and processes in place - and ensure these cover all information formats (electronic, paper or media). Also, define any vulnerabilities relating to manual information handling, establish whistle-blowing protocols, and review and test all systems and processes on a regular basis.

A lack of boardroom involvement and of ownership outside of IT is deeply concerning. The findings illustrate both the high levels of complacency and low levels of understanding of the risks involved.

shared by IronMountainEUR on Mar 23
This infographic has been created by Iron Mountain to introduce their new research into risk management in European businesses. The research is a pointed reminder to SMEs about the real risks they fa...

Publisher

Iron Mountain

Category

Business