Data protection: UK firms trail European average

UK companies are lagging behind their European counterparts when it comes to information risk and protecting sensitive information despite a number of high profile data breaches.

The latest Information Risk Maturity Index from Iron Mountain and PricewaterhouseCoopers gave the UK 55.9 out of 100 for 2014 that, although it was a rise from the 2013 score [55.4], is lower than the European average of 56.1.

“UK firms have some way to go if they are to catch up with their European counterparts. For the third year running they have failed to match the average European score. It is critical that companies address this if they are to adopt a responsible-yet-proactive approach to information risk and value, not just to protect the business, but to help it thrive,” said Phil Greenwood, Commercial Director at Iron Mountain.

Hungary leads the way on 60.2 followed by France [56.9], then the UK, the Netherlands [55.8], Spain [54.7], and Germany [53.6] showing that just two of the countries included have a rate higher than the average. The index is compiled by looking at how prepared mid-market companies are when it comes to addressing key information security trends.

Together with the findings, Iron Mountain produced a three-step programme that UK businesses should follow to improve the security of their data. Firstly, companies need to “make information risk a boardroom issue” to ensure that there is a senior member of the board always addressing any data security problems.

Secondly, Iron Mountain wants companies to “change the workplace culture” by delivering security awareness programmes, making the correct guidance available for people at every level, and by rewarding good behaviour throughout the organisation.

Lastly, the firm recommends that companies “put the right policies and processes in place” and make sure that they cover all information formats whether it is electronic, paper or media. It added that firms must identify vulnerabilities related to manual information handling, create whistle blowing protocols, and review and test all systems regularly.

Image Credit: Flickr (Dave Pearce)