August 23, 2022

Shred-it Annual Report Finds Data Protection Vital for Small Businesses

Nine in 10 small business leaders find it harder than ever to keep their company’s data and information safe.

BANNOCKBURN, Ill. – August 23, 2022: Shred-it, a leading information security service provided by Stericycle, Inc. (Nasdaq: SRCL), today announced the release of its 12th annual Data Protection Report (DPR), revealing key insights and expert perspectives on the ever-evolving information security landscape and the challenges small business leaders (SBLs) face. The report—titled “The Vital Importance of Data Protection for Small Businesses”—reveals gaps and opportunities in data protection, education and navigating the regulatory landscape.

According to the Identity Theft Resource Center’s 2021 Annual Data Breach Report, data breaches are at an all-time high, surpassing the previous record set in 2017. Last year, physical breaches—including document theft—accounted for 43% of breached assets. The cost of data breaches is also on the rise with an average cost of more than $4 million, which could cripple a small business as they face potential regulatory actions and fines, legal fees and the loss of customers. This year’s DPR found that the majority (90%) of SBLs feel that it is harder than ever to keep their company’s sensitive data and information safe, even reporting that two-thirds have spent more budget on protection measures this year than ever before. 

Small business leaders report remote work (69%), employee turnover (63%), and supply chain vulnerabilities (60%) as the driving factors of data protection challenges and concerns today. Moreover, over half of SBLs find it difficult to keep up with changing data and information protection regulations and do not have the adequate resources to navigate them. 

Shred-it releases its 2022 Data Protection Report during a time when small businesses are facing new and larger threats to data protection. After a global pandemic accelerated a shift to remote work environments for many organizations, more businesses are now offering permanent remote or hybrid work options. The “Great Reshuffle,” a time of strong labor demand and low unemployment, led to high employee turnover across North America. With a swath of new employees working in hybrid and decentralized work environments, there has never been a more important time, especially for small businesses, to prioritize data protection.

“It is abundantly clear that ineffective data protection strategies and bandage security solutions will not hold up against today’s data breaches,” said Cory White, executive vice president and chief commercial officer at Stericycle. “Small business leaders must understand the potential impact of insufficient data protection, not only to protect their bottom line but also to safeguard their reputation with employees and customers. Leaders need to prioritize both digital and physical information security efforts and offer regular education to employees to help them maintain diligence and stay apprised of evolving regulations. We are committed to helping companies protect their businesses, relationships and reputation through our data protection solutions.”

Business-critical insights from the report include:

Small Businesses Are Leaving Physical Data Vulnerable to Potential Breaches

  • Even though the vast majority (91%) believe that physical and digital data protection are equally important, many SBLs (53%) assert that digital risks are the greatest data protection risk to their business today.
  • Only 27% of SBLs say they collect and destroy sensitive materials when no longer needed.

Education Is Key in Data Protection Efforts

  • Only 58% of SBLs say their companies require all employees to undergo mandatory information security training. 
  • Even with that training, SBLs fear that their workforce still does not understand data protection best practices (67%) or how to navigate a potential data breach (66%). 

Small Business Leaders Need Support to Navigate the Changing Regulatory Landscape 

  • 1 in 4 SBLs do not understand the various types of data and information protection laws and the ways businesses are subject to comply.
  • 55% of SBLs believe they do not have adequate resources or support to navigate today’s data and information protection regulations. 

“This year’s report sheds light on the many challenges small business owners face in protecting their business, employees and customers’ data and information,” said Michael Borromeo, vice president of data protection for Stericycle. “Physical and digital data protection is essential to a company’s reputation and financial performance. Small business leaders and their employees should maintain a regular data security training schedule to mitigate the chances of a data breach and to stay informed on consumer privacy laws as they evolve. Partnering with a trusted third party for data protection and compliance can help SBLs navigate an evolving regulatory landscape and feel more confident in their organization’s ability to protect sensitive data and information.”

The full 2022 Data Protection Report provides actionable recommendations for small business leaders to keep their digital and physical data secure as well as best practices to remain educated about changes in data protection legislation to ensure compliance. Access the full report and multimedia assets here


About the 2022 Data Protection Report

Shred-it’s 2022 Data Protection Report is a survey of 510 small business leaders (e.g., business owners, executives, C-levels, VPs, Director+ levels or equivalent) who work at or own companies with 15 to 100 employees in the U.S. and Canada across a variety of sectors (e.g., healthcare, finance, professional services, insurance, real estate, etc.). This research uncovered critical information security concerns and challenges with data protection today. The report also investigates perceptions of today’s data protection regulatory landscape and top barriers with compliance, the future outlook, and demand for external assistance from partners. 

About Shred-it

Shred-it is an information security service provided by Stericycle, Inc. Shred-it’s leading information destruction solutions ensure the security and integrity of private and confidential information, protecting global, national and local businesses across 14 countries worldwide. For more information, please visit