October 24, 2023

Shred-it® Annual Data Protection Report Finds Vulnerable Small Businesses Risk Losing More than Money

Nearly 8 in 10 small business leaders surveyed admit they are anxious about the safety of their company’s sensitive data and information

BANNOCKBURN, Ill. – October 24, 2023: Shred-it®, a leading secure information destruction service by Stericycle, Inc. (Nasdaq: SRCL), announced today the release of its 13th annual Data Protection Report (DPR), revealing crucial insights on information security concerns and challenges that small business leaders (SBLs) face. The report—titled “Vulnerable Small Businesses Risk Losing More than Just Money”—reveals perceptions of the current regulatory landscape and top barriers to compliance as well as assesses the demand for assistance from external partners.

According to the Identity Theft Resource Center’s 2022 Annual Data Breach Report, the number of data breaches remains in line with the all-time high set in 2021, and consumers are not oblivious to the stark realities of cybercrime. Eighty-one percent of consumers would stop engaging with a brand online following a data breach, stated a Ping Identity consumer report. Additionally, the cost of data breaches to all businesses is at its highest level ever with an average cost of more than $4.4M globally, more than $5.1M in Canada, and more than $9.4M in the U.S. This financial impact could cripple a small business as they face potential regulatory actions and fines, legal fees, and the loss of customers.

This year’s DPR found that 1 in 4 of the SBLs surveyed reportedly experienced a data breach in the past and, of those, 50% said it was caused by employee error. Close to half (45%) of consumers noted that they have experienced at least one data breach. Furthermore, 3 in 4 of the SBLs and almost all (94%) of the individual consumers surveyed said they are concerned about future data breaches. To help avoid future breaches, more than 90% of SBLs believe that data and information protection and compliance training is an essential security practice, but interestingly, only 15% require employees to complete them.

“Following years of stress from the global pandemic, small businesses and consumers now face many financial pressures due to inflation, lingering supply chain issues, and rising prices,” said Cory White, executive vice president and chief commercial officer at Stericycle. “Running a business is now more costly than ever, and businesses continue to look for ways to save money. Our 2023 Data Protection Report found that SBLs recognize that information and data security are critical in building and retaining strong relationships with customers. However, many are still at risk of losing customers and related revenue if sensitive physical and digital data protection becomes compromised. Addressing data protection properly is an essential part of business leaders’ strategic decisions.”

Business-critical insights from the report include:

  • Vulnerable Small Businesses May Risk Losing Customers to Potential Breaches
    • 73% of the SBLs and 94% of the consumers surveyed are concerned about data breaches in the future. These concerns are even higher among Canadian small business leaders (81%).
    • Only 60% say they are proactive when it comes to data and information protection, and a mere 22% report being ‘extremely proactive,’ potentially leaving many small businesses exposed to future issues.
  • Training and Education Can Help Mitigate Potential Risks
    • 71% of SBLs surveyed fear that their employees will not know what to do in the event of a breach.
    • However, only 15% of SBLs report that they require their employees to take any training, and the few who do have mandatory training are not offering it regularly.
    • A majority (63%) of SBLs admit they do not have a reliable source to maintain relevant policies and training.
  • An Effective Compliance Strategy Can Benefit From a Strong Third-Party Partnership
    • 76% of the SBLs surveyed worry that regulations will only become more complicated and burdensome for small businesses in the future. These worries are even more pronounced for Canada-based SBLs (87%).
    • 67% of SBLs are overwhelmed at the thought of changing procedures to meet existing regulations.
    • 47% of SBLs do not currently have third-party partners for managing sensitive digital data and information, but more than 90% of those who do use a third-party partner feel their partnerships are deeply valuable.

“Small business leaders need to be proactive and allocate more budget upfront or risk significant revenue loss that is difficult to recover from,” said Michael Borromeo, vice president of data protection at Stericycle. “They have an opportunity to protect themselves by offering regular employee training and developing an understanding of the shifting data protection regulatory landscape — both of which a trusted third-party partner can provide valuable guidance.”

The full 2023 Data Protection Report provides actionable recommendations for small business leaders to help keep their digital and physical data secure as well as best practices to remain educated about changes in data protection legislation. Access to the full report and multimedia assets can be found here.

###

About the 2023 Data Protection Report

Shred-it’s 2023 Data Protection Report is a survey of 501 small business leaders (e.g., business owners, executives, C-levels, VPs, Director+ levels or equivalent) who work at or own companies with 15 to 100 employees in the U.S. and Canada across a variety of sectors (e.g., healthcare, finance, professional services, insurance, real estate, etc.), as well as 1,000 consumers in the U.S. and Canada. This research uncovered that many SBLs have critical concerns and challenges regarding information security and data protection. The report also describes the perceptions of SLBs with respect to today’s data protection regulatory landscape, top barriers to compliance, the future outlook, and demand for external assistance from partners.

About Shred-it

Shred-it® is a secure information destruction service provided by Stericycle, Inc. (Nasdaq: SRCL). Shred-it’s leading information destruction solutions help ensure the security and integrity of private and confidential information, helping to protect the information of global, national and local businesses across North America and Europe. For more information, please visit www.shredit.com.