BANNOCKBURN, Ill.– A new report has found 43% of C-suite executives (up from 21% in 2017) and 12% of small business owners (up from 7%) have experienced a data breach.
At the same time, the report found while companies are getting better at protecting their customers' personal and sensitive information, their focus on security training and protocols has declined in the last year. This decline could pose issues for businesses, as 83% of consumers say they prefer to do business with companies who prioritize protecting their physical and digital data, according to Shred-It, which released the findings as part of its 10thAnniversary Edition Data Protection Report (formerly known as "The Security Tracker: State of the Industry Report").
The report, which outlines data security risks threatening U.S. enterprises and small businesses, is based on a survey conducted by Ipsos.
According to the company, the findings reinforce the need for business owners to have data protection policies in place as threats to data security, both physical (including paper documents, laptop computers or external hard drives) and digital (including malware, ransomware and phishing scams) have outpaced efforts and investments to combat them.
Shred-It said the report, which was completed prior to COVID-19, also exposes that more focus is needed around information security in the home, where C-suites and SBOs feel the risk of a data breach is higher.
‘Destroying the Myth’
“While advancements in technology have allowed businesses to move their information to the cloud, only 7% of C-suites and 18% of SBOs operate in a paperless environment,” Shred-It said. “Businesses still consume vast amounts of paper, dispelling the myth of offices going digital and signaling a need for oversight of physical information and data security.”
The survey found C-suites and SBOs indicated external threats from vendors or contractors (25% C-suites; 18% SBOs) and physical loss or theft of sensitive information (22% C-suites, 19% SBOs) are the top information security threats facing their business.
“Yet, the number of organizations with a known and understood policy for storing and disposing of confidential paper documents adhered to by all employees has declined 13% for C-suites (73% in 2019 to 60% in 2020) and 11% for SBOs (57% in 2019 to 46% in 2020),” Shred-It said. “In addition, 49% of SBOs have no policy in place for disposing of confidential information on end-of-life electronic devices.”
According to the survey, while the work-from-home trend has risen over the years, the COVID-19 pandemic abruptly launched employees into work-from-home status, many without supporting policies. The majority of C-suites (77%) and SBOs (53%) had employees who regularly or periodically work off-site. Despite this trend, just over half (53%) of C-suites and 41% of SBOs have remote work policies in place that are strictly adhered to by employees working remotely (down 18% from 71% in 2019 for C-suites; down 8% from 49% in 2019 for SBOs), the report found.
Other Findings
- When it comes to training, 24% of C-suites and 54% of SBOs reported having no regular employee training on information security procedures or policies. Additionally, the number of organizations that regularly train employees on how to identify common cyber-attack tactics, such as phishing, ransomware or other malicious software, declined 6% for C-suites (from 88% in 2019 to 82% in 2020) and 7% for SBOs (from 52% in 2019 to 45% in 2020).
- 86% of consumers are concerned that private, personal information about them is present on the internet.
- Nearly a quarter (24%) of consumers would stop doing business with a company if their personal information was compromised in a data breach. Beyond losing their loyalty, consumers would lose trust in the business (31%) and demand to know what the business is doing to prevent future breaches (31%).
- Less than two in five (38%) consumers trust that all physical and digital data breaches are properly disclosed to consumers (up 4% from 34% in 2019).
- While more than half (60%) of C-suites and nearly half (46%) of SBOs have a known and understood policy for storing and disposing of confidential paper documents, strict employee adherence to these policies has declined from 2019—down 13% from 73% in 2019 for C-suites and down 11% from 57% in 2019 for SBOs.
- Additionally, 10% C-suites and 38% of SBOs admit they have no policies in place for disposing of confidential paper documents, up 4% for C-suites (from 10% in 2019) and 8% for SBOs (from 30% in 2019).
- Prior to the COVID-19 pandemic, nearly half (45%) of small businesses did not have a policy for storing and disposing of confidential information when employees work off-site from the office.
- A secondary Shred-it study found that 75% of employees own a home printer that they use to print work documents and 43% print work-related documents weekly.
For info, go here.