Over 80% of UK firms regard avoiding data breaches and non-compliance fines as their main information managment priority, although they’re not using this information to drive innovation, according to a new study.
Iron Mountain and PwC interviewed nearly 2,000 mid- and enterprise-sized businesses across Europe and North America to compile their third annual Information Risk Maturity Index.
It found that in the UK, 83% of firms think of information as a business asset, yet few (18%) use it to increase speed to market or improve product development cycles (12%).
The majority said their priority was to avoid a data breach (88%) or a fine for non-compliance (84%).
Although this increasing focus on data loss and compliance could be viewed positively, the report pointed to worrying gaps between “stated commitments and practical action”.
The overall risk maturity index score across North America and Europe, for example, was 55.3 out of 100, which indicates firms are “risk aware” but not necessarily clued up on what to do about those risks, Iron Mountain claimed.
Just 37% of European and 47% of North American businesses said they have in place a “fully monitored information risk strategy”. In addition, only 26% of European and 20% of North American businesses follow-up on information risk training programmes to gauge their effectiveness, the report found.
Christian Toon, head of information risk at Iron Mountain, told Infosecurity that firms need to consider risk in a wider context than merely losing data through a breach or being fined because of non-compliance.
In this way, “losing an information advantage” could itself be considered a risk, he argued.
“Information is a strategic business asset, and treating it as such offers the opportunity for a multitude of commercial rewards, not least a strong competitive advantage,” Toon added. “Managing information for advantage and mitigating information risk need to go hand in hand.”
Successful information management needs to be a board-level issue which requires several key elements to drive competitive advantage, he said.
These include gaining awareness of the potential impact of not managing information properly; fostering a culture of “information responsibility”; and implementing a company-wide policy, and processes, to manage information and reduce risk.
“We operate in an information landscape that is defined by the increasing volume, variety and velocity of information moving through businesses, and a wide range of risks,” Toon claimed.
“Most companies are doing something to mitigate information risk and maximize value, but few are doing enough.”