Small and medium-sized enterprises (SMEs) in the UK are not taking basic precautions to protect confidential data because they do not believe that losing private information will have any impact on their business.
Despite the threat of crippling fines and severe reputation damage, more than half (59.8 per cent) of the 1,000 SMEs surveyed by shredding company Shred-it say they do not believe that the loss or theft of data from their organisation would have any impact on their business, up 10 per cent from the 2011 survey.
Robert Guice, executive vice president of Shred-it, says, ‘This year’s findings are particularly worrying, as they show SMEs becoming increasingly lax about information destruction as they just do not see any consequences for poor security procedures.’
This lack of concern could be the reason why 35.4 per cent of SMEs admit that they have no protocols in place for the storage and disposal of confidential data, with three quarters of respondents (76.6 per cent) either not providing any training for employees on company information security procedures (26.6 per cent), or doing so only on an ad hoc basis (50 per cent).
Nearly a quarter of SMEs (23.1 per cent) admit to being not very or not at all aware of the legal requirements for storing, keeping or disposing of confidential data in their industry. This compares poorly with businesses with more than 250 employees, where 94 per cent of those responding said they were aware in some form of the Data Protection Act.
Guice adds, ‘What we are seeing is a lack of awareness of the legal requirements, and complacency about the likelihood of being prosecuted and fined for breaching them, really coming through into a worrying lack of control over the way information is stored and disposed of by SMEs.’