Contactez-nous Suivez-nous sur Twitter En francais English Language

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



Iron Mountain: Confidential information at greatest risk in new businesses

January 2017 by Iron Mountain

11th February Businesses under five years old are twice as likely to
compromise the confidentiality of sensitive information than more established
businesses. This is one of the findings of recent research into information
management and security practices in the mid-market, commissioned by leading storage
and information management services company Iron

The in-depth study of mid-market businesses across Europe and North America found
that staff at recently established organisations expose their businesses to
information risk because they are less careful with critical business data. Nearly
half (48%) of those surveyed admitted they had left sensitive documents lying about
the office, had mislaid them completely or had lost them in a public place. This is
twice as many as staff at more established firms, where fewer than one in four (23%)
had made similar information management mishaps.

Younger businesses are considerably less clear on how long they are legally required
to retain documents such as tax records, contracts and customer data, making these
organisations more likely to put the safety of this information at risk. For
example, more than half (59%) of business professionals at companies between one and
five years old admitted they could be keeping sensitive human resource records
beyond their retention deadline, exposing the business to the threat of reputational
damage and fines from information regulators. This is compared with just 20% at
firms with more than 25 years in business.

Yet young firms are doing little to address the situation, preferring instead to
prioritise expansion into new markets (80%) or product development (54%). The
majority (76%), for example, have no plans in place to automate key information
management processes such as HR. They are also less adept than older firms at
managing data protection procedures or extracting value from their information. When
asked about their processes for regulatory compliance in data handling, just a third
(32%) of respondents at firms under five years old said their processes are
"relevant and easy to comply with". By comparison, 46% of respondents at firms aged
25 years and over said the same. Similarly, just over a quarter (28%) of those at
younger firms said they have effective processes in place to monitor where their
information is most valuable, compared to two fifths (40%) of respondents at older

Elizabeth Bramwell, director at Iron Mountain said, "The first five years of a
business’s life are often dedicated to rapid growth as the organisation establishes
itself in the market. The start-up phase is a busy one, so it’s perhaps
understandable that information management mistakes are more likely to happen during
this time. However, whether you’re a new or an established business the law is the
law, so it’s vital that confidential information is protected. If bad information
habits are left unchecked and effective processes aren’t put in place, young
businesses face severe legal and reputational consequences that could fast erode
customer confidence and threaten the very survival of the business."

Previous research from Iron Mountain and PWC[i] suggests that many mid-market
companies experience an ’information epiphany’ when the products or services with
which they launched the business start to approach their end-of-life, which normally
happens around the five to seven years stage.[ii] According to this research, over a
third (38 per cent) of younger firms don’t know how information flows through the
business, compared to 22 per cent of those aged six and over. To take a more mature
approach to handling and harnessing the value of information, young businesses need
to put effective information management processes in place from the start, which can
then become part of their company culture as they grow.

See previous articles


See next articles