What is the Cost of Ignoring Information Risk?


Information Economics: The Intersection Of Value, Risk And Cost

Information Economics is the practice of managing and leveraging the information an organization creates and receives with a view to the bottom line. Every business needs an enterprise-wide information strategy that aims to reduce risk, ensure compliance, lower costs, and, now with the emergence of big data, prepare for analytics. Information Economics provides a comprehensive and collaborative strategy to help organizations optimize information value and limit risk at every stage, from the initial creation of records and information, across their active life, right through to secure destruction.

Risk Aware And Prepared

In the previous chapters of this eBook, we’ve looked at how to secure a Return on Information by extracting maximum value from your records and information. We’ve also explored minimizing costs by retaining records you’re legally obligated to keep and putting the rest in permanent storage or arranging for secure destruction. But not every aspect of Information Economics can be transparently assessed in terms of cost or savings.

Mitigating Information Risk Is Essential To Extracting Maximum Value

Information risk might seem difficult to quantify economically, but avoiding information catastrophe must be a top priority because the consequences can be so severe. The need to mitigate risk, however, must be balanced with an organization’s overriding need to allow its people the freedom to work efficiently, extracting maximum value from its information.

This chapter examines the individual threats and explains how to plan a strategy to avoid disaster and get a positive Return on Information.

Information Risk: The Facts

One very insightful piece of research on information risk comes from top global business consultancy PwC and Iron Mountain. Their 2014 report, Beyond good intentions – the need to move from intention to action to manage information risk, analyzes research on 600 European and the same number of North American companies with 250 – 2,500 employees.

The Average North American Business Scores 54.5% On Readiness For Risk

The report defines best practice in minimizing information risk and quantifies performance against this benchmark using the Information risk maturity index. An index of 100 indicates that a business is equipped for risk, and the average index for North American businesses was found to be 54.5, showing that the vast majority of companies are exposed to considerably greater risk than they need to be.

Threats

Data Breach

The catastrophic data breach is every company’s worst nightmare. While hacking is a serious threat, in PwC’s 2014 Global State of Information Security Survey, almost as many executives cited current employees (31%) as a likely source of an information security incident as hackers (32%). Recent government research in the UK and North America shows that 31% of the worst security breaches in 2014 were caused by human error, with a further 20% due to deliberate misuse of systems by staff [1]. The same survey shows that there has been a significant rise in the cost of individual incidents.

31% Of The Worst Security Breaches In 2014 Were Caused By Human Error

The top two information management priorities for businesses are avoiding data breaches and the consequences of non-compliance.

[1] Information Security Breaches Survey 2014 - UK Department for Business

Non-Compliance

Chapter 1 of this eBook looked at Return on Information and the importance of reducing your records burden in order to free up office space and improve access to information. An enforceable records retention schedule can help you do both – and achieve compliance. Data protection regulations are perhaps the most significant in terms of penalties, with fines of up to approximately $760,000 for serious breaches [2].

When it comes to data losses, especially where sensitive customer information is involved, the fine can be the least of your worries. Reputational damage can cost you far more in the long run. 90% of companies that suffer a significant data loss go out of business within two years [3].

[2] UK Information Commissioner’s Office
[3] London Chamber of Commerce
