Firms in Germany, the Netherlands and the UK trail their peers elsewhere in Europe when managing and responding to information risk, according to the latest ‘Information Risk Maturity Index’ produced by PwC and information management specialist Iron Mountain.
The annual index measures how prepared companies are to address key information trends against a target of 100.
Iron Mountain noted that “despite a string of high-profile data breaches and upcoming reforms to data protection legislation coming out of the European Parliament (EP),” the results from the 2014 Index showed mid-market firms in Germany, the Netherlands and the UK scoring below the average of 56.1 out of an ideal score of 100.
Hungary registered the best score out of six European countries (France, Germany, Hungary, the Netherlands, Spain and the UK) at 60.2, even though this was slightly down on their rating in a similar 2013 poll.
The third Information Risk Maturity Index surveyed 1,200 mid-sized businesses (250-2,500 employees) and 600 enterprise businesses (over 2,500 employees) in the six European countries and also Canada, Norway and the US.
The results for the 2014 survey show:
- Around three in four companies surveyed (72% in Europe and 79% in North America) regard information as a business asset.
- Just half (51%) of European firms, and 65% in North America use their information to boost product or service innovation.
- Only around a quarter (21% in Europe and 28% in North America) use information to increase their speed to market, while at most one in ten (10% in Europe, 4% in North America) say that information has boosted product or service development cycles.
- When businesses were asked to rank their information management priorities 76% and 85% of companies in Europe and North America respectively, opted for avoiding a data breach, while 74% and 70% of European and North Americans said they focused on avoiding legal action, or a fine for non- compliance.
Based on the findings of the Information Risk Maturity Index, Iron Mountain has identified a set of steps and actions to help businesses improve their data security:
- Step 1: Make information risk a boardroom issue – ensure that it is a permanent point on the board’s agenda, that there is a senior individual on the board responsible for it, and that it is embedded into how the board monitors overall corporate performance.
- Step 2: Change the workplace culture – design and deliver information security awareness programmes, have the right guidance available for every person at every level, and reward and reinforce good behaviours throughout the organisation, from the most junior to the most senior employee.
- Step 3: Put the right policies and processes in place – and ensure these cover all information formats (electronic, paper or media). Also, define any vulnerabilities relating to manual information handling, establish whistle blowing protocols, and review and test all systems and processes on a regular basis.