July 08, 2014

American Businesses Deprioritizing Information Security

NEW YORK, NY, July 8, 2014 –The 4th annual security tracker, conducted by Ipsos Reid on behalf of Shred-it, reveals businesses are deprioritizing information security and decreasing their investment in the destruction of confidential information, marking the first decline since Shred-it’s first security tracker was issued in 2011 and a significant behavioural shift.

According to the study, 86 per cent of c-suite executives are aware of the legal requirements supporting the protection of confidential data, however one in five have never performed a security audit, down 13 per cent from 2013. The study also found that almost half of the small business owners surveyed conduct no regular audits of their security protocols, while 3 in 10 have never even performed an audit. Further, 33 per cent of c-suite executives acknowledge having both a locked console in the office for confidential documents; this is down 22 per cent from last year. The study also found that almost half of the small businesses owners surveyed have no protocol for storing and disposing of confidential information.

“In the 4 years we’ve been conducting this study, this is the first year we’ve seen a country deprioritize information security. This is alarming given the fact that companies are facing an increasing number of security risks and should be making information security a priority.” said Bruce Andrew, Executive Vice President at Shred-it. “It is more important than ever before that business leaders understand the financial and reputational implications when confidential documents fall into the wrong hands. Protecting information and preventing fraudulent activity doesn’t have to be an onerous task.”

Shred-it’s 4th Annual Security Tracker also found:

  • 43 per cent of c-suite executives would encourage new privacy information laws requiring stricter compliance and larger enforceable penalties
  • C-suite executives who just throw sensitive documents into the garbage has increased to 10 per cent from 1 percent
  • 70 per cent of small business owners and 30 per cent of c-suite executives don’t have a cyber-security policy in place
  • 15 per cent of c-suite executives surveyed are likely to have never trained staff on security procedures, and are less likely to report on staff training occurring at least once a year. This is up 13 per cent from 2013
  • Only 38 per cent of c-suite executives admit to having an employee directly responsible for managing data security issues at the management level, this is down 23 per cent from 2013
  • C-suites are twice as likely not to have an employee responsible for managing data security issues in their workplace, up 11 per cent from 2013

Information Security Insecurity

The 2014 Security Tracker results also show that businesses of all sizes lack awareness about information security breaches, and they underestimate the potential financial and reputational implications. Four in 10 small businesses owners, and 2 in 10 c-suite executives, do not think lost or stolen data would seriously impact their business. Further, 1 in 5 small business owners and c-suite executives admit to not knowing how their business would be impacted in the event data was stolen or lost, while 2 in 10 c-suite executives admit to having experienced lost or stolen data resulting in a financial impact to their business.

“Businesses can no longer remain complacent. Procedures and protocols to protect information need to be established to ensure confidentiality of information,” says Andrew. “The study clearly shows us that business leaders are looking for more commitment from the US government and, given change takes time, we’re suggesting that business leaders take responsibility by doing all they can to establish a culture of security.”

The following simple steps can help organizations begin establishing a culture of security:

  • Demonstrate a top-down commitment from management to the total security of your business and customer information
  • Establish a formal information security policy; train employees to know the policies well and follow them rigorously
  • Introduce a "shred-all" policy, where unneeded documents are fully destroyed on a regular basis; remove the decision-making process regarding what is and isn’t confidential
  • Introduce special locked containers instead of traditional recycling bins for disposing of confidential documents
  • Conduct periodic security audits. If you don't have the resources to implement a secure document destruction program, work with a reliable third-party vendor

About Shred-it:
Shred-it is a world-leading information security company providing information destruction services that ensure the security and integrity of our clients' private information. The company operates in 140 markets throughout 18 countries worldwide, servicing more than 300,000 global, national and local businesses. For more information, please visit www.shredit.com.

About Ipsos Reid:
Ipsos Reid is Canada's market intelligence leader, the country's leading provider of public opinion research, and research partner for loyalty and forecasting and modeling insights. With operations in eight cities, Ipsos Reid employs more than 600 research professionals and support staff in Canada. The company has the biggest network of telephone call centres in the country, as well as the largest pre-recruited household and online panels. Ipsos Reid's marketing research and public affairs practices offer the premier suite of research vehicles in Canada, all of which provide clients with actionable and relevant information. Staffed with seasoned research consultants with extensive industry-specific backgrounds, Ipsos Reid offers syndicated information or custom solutions across key sectors of the Canadian economy, including consumer packaged goods, financial services, automotive, retail, and technology & telecommunications. Ipsos Reid is an Ipsos company, a leading global survey-based market research group. To learn more, visit www.ipsos.ca.

About the 2014 Security Tracker:
An independent survey conducted by Ipsos Reid and commissioned by Shred-it was conducted between April 28th and May 5th, 2014, with two distinct sample groups: Small business owners in the United States (n= 1,007), which have fewer than 100 employees, and C-suite executives in the United States (n=100), that have executives that work for companies with a minimum of 500 employees in the United States.