UK Mid-sized Businesses Ranked Low for Managing Information Risk

Mid-sized businesses in the UK are the worst performers in Europe when
it comes to managing information risk, according to newly-published research.

The conclusion is based on a survey by information management
group Iron Mountain and PricewaterhouseCoopers (PwC). The study surveyed senior
managers at 600 mid-sized (250-2,500 employees) European businesses in the UK,
France, Germany, Hungary, the Netherlands and Spain to compile Europe’s first Information
Risk Maturity Index.

The index was based on a set of measures that, if put in place and
frequently monitored, would help protect the information held by an
organisation. Of the six countries included, the UK consistently fared the
worst, achieving a score of only 55.08 against a target of 100. While there was
no stand-out performer in Europe, Hungary outperformed the other European
countries with the highest overall index score of 61.

“It’s a surprise that UK businesses fared so badly in this study,
particularly when high-profile data breaches receive such widespread media
attention in the UK, seriously damaging brand reputation,” saidChristian Toon,
head of information risk at Iron Mountain Europe. “The findings reveal that
though many British businesses do have a data protection and information risk
strategy in place, most fail to monitor its effectiveness. In Hungary, with its high level of ISO certification, businesses
are more likely to have training programmes, clear guidance, codes of conduct
and employee communication programmes in place. This difference underscores why
companies need to adopt a culture of Corporate Information Responsibility [CIR]. This shift is key to protecting sensitive information.”


Related reading