Valuable or vulnerable? Duelling information qualities

As organisations focus more and more attention – and spend more and more money - on extracting value from information, a potential conflict has arisen: how to maximise benefits while continuing to protect and manage content according to existing rules and regulations. To date, information management policies concentrated on ensuring controlled access to information, reducing the risk of data breaches, and disposing of information when it has served its purpose. However, these same fundamental practices often inhibit employees from extracting the full value from information in order to make well informed decisions. Information created and processed by a business has a vital role in the commercial success and even the survival of an organisation. So how do they make the most of value while protecting the vulnerable?

In a recent study undertaken with PwC, we set out to explore how mid-sized (from 250 to 2500 employees) and enterprise-level organisations (more than 2,500 employees) in Europe and North America approach the task of harnessing information value. The research uncovered an interesting discrepancy. Many businesses (64 per cent) believe they are already getting the most from their information. Yet, a closer look at how the businesses are managing their information reveals that the majority (76 per cent) are not extracting full value because they lack the requisite culture, skills and tools.

It seems that the majority of business leaders exhibit a false confidence when it comes to the ability of their organisations to manage information for value.

The number of companies that said they can identify when and where information is most vulnerable is slightly higher than those that understand where it delivers greatest value. More than two in three businesses (69 per cent) believe they know how information flows through the business and where it is most valuable; and 76 per cent say the same about knowing where it is most vulnerable. Yet when asked how they determine either of these, few were able to give a clear answer and most didn’t answer at all.

The triumph of caution is seen elsewhere in the study. For example, the results reveal that 73 per cent of those surveyed are confident that valuable information can be accessed easily by all those who need it. However, the research also tells us that just 50 per cent of senior managers in Europe and North America are allowed access to such information. In some instances of course, this is absolutely necessary: no business would want to provide anything but highly restricted access to records that contain personally identifiable information or intellectual property, for example. However, when such restrictions do not apply then access should be granted to the data if it is deemed useful regardless of where it is located across the enterprise, or measures taken to “de-identify” personal information before sharing. This will lead to the eventual “democratisation” of the data, as is fundamental to making new and innovative connections and decisions.

Companies that allow their IT department access to the most valuable information are more likely to grant such access to a number of other functions, including research and development (27 per cent), finance (35 per cent), records and information management (27 per cent) and marketing (26 per cent). However, these numbers also mean that two-thirds of R&D and finance departments and three-quarters of records management and marketing don’t have free access, despite the importance of high-value company insight to areas such as customer engagement and product development. Businesses need to create an information strategy up front with the decisions made on whom should have access to what information and for what purpose. IT should play a role as a strategic partner and enabler rather than act as a gate keeper.

IT is not the only potential barrier to accessing information for analytics; in a study conducted with IDC earlier this year, we found that legal departments represent a similar and possibly even greater obstacle. Legal and compliance departments were found to prioritise security and risk mitigation over ease and speed of access, with a mere third (38 per cent) believing that data archives can enhance revenue. Moreover, just under half felt that they should be responsible for several key aspects of data archiving – with IT and other business functions disagreeing with them on all counts.

In other words, exploiting information for competitive advantage is not as simple as it seems. Required commitments and compliance to data protection, entrenched attitudes, inter-departmental silos, and a lack of mutual understanding around information leads to information being caught behind barriers or even locked down. This has far-reaching impacts on a company’s ability to make the most of its information.

It also explains why many companies are finding it hard to adjust to the new information dynamic. Exploiting information for value creates a tension between the need to keep information secure while sharing it with those employees best placed to use it for business insight and advantage.

It is well known that information is at greater risk while in motion than when it is at rest. But that is no excuse to put it to sleep. The C-suite has a major role in implementing information governance strategy, oversight, and accountability in order to break down unnecessary barriers, while keeping the information secure. It needs to ensure that important decisions about information access and protection are made by all those affected, and that responsibilities are allocated to reflect the needs of a knowledge-enabled business. Our study shows that currently just four per cent of companies get it right; we need to work together to multiply that by 25.

Sue Trombley, Managing Director of Thought Leadership at Iron Mountain