Skip to main content
The Actuary: The magazine of the Institute and Faculty of Actuaries - return to the homepage Logo of The Actuary website
  • Search
  • Visit The Actuary Magazine on Facebook
  • Visit The Actuary Magazine on LinkedIn
  • Visit @TheActuaryMag on Twitter
Visit the website of the Institute and Faculty of Actuaries Logo of the Institute and Faculty of Actuaries

Main navigation

  • News
  • Features
    • General Features
    • Interviews
    • Students
    • Opinion
  • Topics
  • Knowledge
    • Business Skills
    • Careers
    • Events
    • Predictions by The Actuary
    • Whitepapers
    • Moody's - Climate Risk Insurers series
    • Webinars
    • Podcasts
  • Jobs
  • IFoA
    • CEO Comment
    • IFoA News
    • People & Social News
    • President Comment
  • Archive
Quick links:
  • Home
  • The Actuary Issues
  • March 2012
03

Businesses lack information risk maturity, survey finds

Open-access content Friday 23rd March 2012 — updated 5.13pm, Wednesday 29th April 2020

Many businesses are woefully unprepared to address and manage information risks such as data breaches and data loss, according to a survey published today by Iron Mountain and PricewaterhouseCoopers.

2

In a report which includes Europe's first Information risk maturity index, the company's found that only around half of mid-sized business consider the loss of sensitive information as one of their top three business risks.

Less than a quarter (24%) of those surveyed were aware as to whether or not they had experienced a data breach in the last three years, while only 1% of respondents consider information risk to be the responsibility of every employee.

Nearly two-thirds (60%) admitted they do not know whether their employees have the right tools to protect information.

Marc Duale, president of international at Iron Mountain, said the report showed it was time for businesses to move from a culture of 'information apathy and neglect' to one of 'information responsibility'.

'Fail to act and you expose your customers to serious information risk while potentially leaving your company open to the risk of irreparable reputational damage,' he added.

The survey is based on a survey by PwC of senior managers at 600 mid-sized (250-2,500 employees) businesses. Scores were assessed for the information risk maturity of businesses in France, Germany, Hungary, the Netherlands, Spain and the UK. The average score for businesses' risk maturity was 40.6, against an ideal score of 100.

According to Iron Mountain, the survey revealed considerable inconsistency around who should be responsible for information risk. Just 13% of those surveyed saw it as a boardroom issue, while around a third saw it as the IT department's responsibility.

Over half of respondents (59%) had responded to data breaches by installing additional technology, and only a third (36%) of companies had assigned responsibility for information risk to a specific team or individual, whose effectiveness was the monitored.

William Beer, a director in PwC's UK cyber and information security practice, said: 'Good information security requires three elements: people, processes and technology. Companies too often invest in technology to solve the perceived issue but technology is not the silver bullet.

'Mid-sized companies that don't necessarily have the financial resources, but do have the will and agility to change, can make a huge improvement by transforming the culture from the top, putting new procedures in place and educating their staff.'

To address the issue, Iron Mountain advised businesses to make information risk a boardroom matter, to change workplace culture so good behaviours are reinforced and rewarded, and to put the right policies and practices in place.

This article appeared in our March 2012 issue of The Actuary.
Click here to view this issue
Filed in
03
Topics
General Insurance

You might also like...

Share
  • Twitter
  • Facebook
  • Linked in
  • Mail
  • Print

Latest Jobs

New Fast-Growing Team - Actuarial Systems Development

London (Greater)
Excellent Salary Package
Reference
143762

Actuarial Pension Consultant – Scotland/Remote – Up to £90,000 plus bonus

Edinburgh / Glasgow / Remote working
Up to £90,000 + Bonus
Reference
143761

Part Qualified Pensions Actuary– Specialised Pensions Consultancy - Scotland/Remote - Up to £70,000

Edinburgh / Glasgow / Remote working
Up to £70,000 + Bonus
Reference
143760
See all jobs »
 
 

Today's top reads

 
 

Sign up to our newsletter

News, jobs and updates

Sign up

Subscribe to The Actuary

Receive the print edition straight to your door

Subscribe
Spread-iPad-slantB-june.png

Topics

  • Data Science
  • Investment
  • Risk & ERM
  • Pensions
  • Environment
  • Soft skills
  • General Insurance
  • Regulation Standards
  • Health care
  • Technology
  • Reinsurance
  • Global
  • Life insurance
​
FOLLOW US
The Actuary on LinkedIn
@TheActuaryMag on Twitter
Facebook: The Actuary Magazine
CONTACT US
The Actuary
Tel: (+44) 020 7880 6200
​

IFoA

About IFoA
Become an actuary
IFoA Events
About membership

Information

Privacy Policy
Terms & Conditions
Cookie Policy
Think Green

Get in touch

Contact us
Advertise with us
Subscribe to The Actuary Magazine
Contribute

The Actuary Jobs

Actuarial job search
Pensions jobs
General insurance jobs
Solvency II jobs

© 2023 The Actuary. The Actuary is published on behalf of the Institute and Faculty of Actuaries by Redactive Publishing Limited. All rights reserved. Reproduction of any part is not allowed without written permission.

Redactive Media Group Ltd, 71-75 Shelton Street, London WC2H 9JQ