June 11, 2012

Small Businesses Underestimate Impact of Data Security; C-Suite Calls for Stricter Legislation

Shred-it’s 2nd annual Information Security Tracker finds small business owners are still not protecting their assets like large organizations

Shred-it, a world-leading security company providing document and data destruction services, commissioned an independant survey with Ipsos Reid across the United States, Canada and the United Kingdom to gain insight on information security policies and procedures amongst small business owners and C-suite executives. The below results are specific to the United States.

  • C-suite respondents (95%) are 18% more aware of the legal requirements of storing, keeping and disposing of confidential data than smaller business owners (77%)
  • Although there was a 1% improvement from 2011, still, 35% of small business owners do not have a known or understood protocol in place for storing and disposing confidential data.
  • 27% of C-suite respondents train staff twice a year on the company’s information procedures and protocols, while nearly the same percentage of small business respondents, 28%, never train staff on these protocols and procedures.
  • 61% of C-suite respondents have a management-level employee responsible for managing the company’s data security issues, whereas, around half, 46%, of small business respondents do not have anyone directly responsible for mitigating risks. Moreover, 12% more respondents in 2012 reported that they do not have an employee directly responsible for managing data security and 8% less responded that they have a management level employee responsible for managing the company’s data security issues.
  • More than half, 55%, of C-suite respondents are in favor of and would encourage a new data privacy law in the U.S. that would require stricter compliance. With the US currently not having a data protection law comparable to the EU’s Data Protection Directive, this is an interesting insight and could be one for policy-makers to take notice.
  • Likely because C-suite respondents come from larger, more established and higher revenue-generating corporations, it’s not a surprise that 33% of respondents said that lost or stolen data would result in severe financial impact and would harm their credibility as a business. What is surprising is that the majority of small business respondents, 51%, said that lost or stolen data would not seriously impact their business. Furthermore, compared with 2011, small business respondents were less concerned (14% in 2012 compared to 21% in 2011), that stolen data would have a severe financial impact and harm to the business’ credibility.
  • 47% of C-suite respondents have both locked consoles and use a professional shredding service to shred sensitive documents. 50% of small business respondents do not have secure locked consoles to house sensitive materials and instead, use in-office shredding vs. a professional shredding service.
  • While 67% of C-suite respondents and 52% of small business respondents erase, wipe or degauss the content on data-storing electronics, their confidential data is still susceptible to breach.

Security breaches within small businesses are on the rise as more small business owners continue to become technologically-savvy and use computerized systems and digital records to track their customer and financial information,” said Mike Skidmore, Privacy & Security Officer, Shred-it. “One year after Shred-it’s 2011 Information Security Tracker, it is unsettling to see that despite being aware of the legal requirements and protocols for securely destroying confidential materials, unlike C-suite executives at larger companies, small business owners are still not using that knowledge to proactively prevent and mitigate risk. As small companies evolve as a business, so must their information security measures.”

Information security is vital to all organizations, regardless of their size and net worth. For small businesses, data breaches cause nearly 80 percent to go bankrupt or suffer severe financial losses within two years of the breach, according to identity theft specialist John Sileo. Estimates from the Ponemon Institute and CyberFactors predict the loss for a large business could reach as much as $100-$225 million depending on the type of business and information lost.

Shred-it offers the following tips to help both small and large businesses safeguard their business information:
  • Analyze possible security gaps in one’s organization and work with security experts to assess existing security systems.
  • Implement ongoing risk analysis processes and create a policy specifically designed to limiting exposure to fraud and data breaches.
  • Regularly train employees in proper document management and encourage their adoption of security best practices.
  • Utilize special locked consoles to house sensitive materials that are waiting to be properly shredded.
  • Implement a “shred-all” policy so that all unneeded documents are fully destroyed on a regular basis.
  • Don’t overlook hard drives on computers or photocopiers; physical hard drive destruction is proven to be the only 100% secure way to destroy data from hard drives permanently.
  • Have up-to-date and effective computer network protection, including anti-virus software and a firewall.
  • Hire a reliable vendor that is well-informed and keeps you compliant with pertinent legislation, training requirements etc.
About Shred-it
Shred-it is a world-leading information security company providing document destruction services that ensure the security and integrity of our clients’ private information. The company operates 140 service locations in 16 countries worldwide, servicing more than 150,000 global, national and local businesses, including the world’s top intelligence and security agencies, more than 500 police forces, 1,500 hospitals, 8,500 bank branches and 1,200 universities and colleges. For more information, please visit www.shredit.com.
About Ipsos Public Affairs
Ipsos Public Affairs is a non-partisan, objective, survey-based research practice made up of seasoned professionals. We conduct strategic research initiatives for a diverse number of American and international organizations, based not only on public opinion research, but elite stakeholder, corporate, and media opinion research.
Ipsos has media partnerships with the most prestigious news organizations around the world. In the U.S., UK and internationally, Ipsos Public Affairs is the media polling supplier to Reuters News, the world's leading source of intelligent information for businesses and professionals, and the Hispanic polling partner of Telemundo Communications Group, a division of NBC Universal providing Spanish-language content to U.S. Hispanics and audiences around the world.
Ipsos Public Affairs is a member of the Ipsos Group, a leading global survey-based market research company. We provide boutique-style customer service and work closely with our clients, while also undertaking global research. To learn more visit: www.ipsos-na.com.
About the Survey
An independent survey conducted by Ipsos Reid and commissioned by Shred-it was conducted between April 13th and 20th, 2012, with two distinct sample groups: small business owners in the United States (n=1,136), which have fewer than 100 employees, and C-suite executives in the United States (n=100), who work for companies with a minimum of 500 employees.