Information Economics: The Intersection OF Value,Risk And Cost
Information Economics is managing and leveraging information created and received by an
organization with a view to the bottom line. Every business needs an enterprise-wide information
strategy that aims to reduce risk, ensure compliance, lower costs, and now with the emergence of
big data, prepare for analytics. Information Economics provides a comprehensive and collaborative
strategy to help organizations optimize information value and limit risk at every stage from the initial
creation of records and information across their active life, right through to secure destruction.
Risk Aware And Prepared
In the previous chapters of this eBook, we’ve looked at how
to secure a Return on Information by extracting maximum
value from your records and information. And, we’ve also
explored minimizing costs by retaining records you’re legally
obligated to keep and putting the rest in permanent storage
or arranging for secure destruction. But not every aspect
of Information Economics can be transparently assessed in
terms of cost or savings.
Information risk might seem difficult to quantify economically,
but avoiding information catastrophe must be a top priority
as the consequences can be so severe. The need to mitigate
risk however, must be balanced with an organization’s
overriding need to allow its people the freedom to work
efficiently, extracting maximum value from its information.
This chapter examines the individual threats and explains
how to plan a strategy to avoid disaster and get a positive
Return on Information.
One very insightful piece of research on
information risk comes from top global business
consultancy PwC and Iron Mountain. Their 2014
report, Beyond good intentions – the need to move
from intention to action to manage information
risk, analyzes research on 600 European and the
same number of North American companies with
250 – 2,500 employees.
The report defines best practice in minimizing
information risk and quantifies performance
against this benchmark using the Information risk
maturity index. An index of 100 indicates that a
business is equipped for risk, and the average
index for North American businesses was found
to be 54.5, showing that the vast majority of
companies are exposed to considerably greater
risk than they need to be.
The catastrophic data breach is every company’s
worst nightmare. While hacking is a serious threat,
in PwC’s 2014 Global State of Information Security
Survey, almost as many executives cited current
employees (31%) as a likely source of an
information security incident as hackers (32%).
Recent government research in the UK and North
America shows that 31% of the worst security
breaches in 2014 were caused by human error,
with a further 20% due to deliberate misuse of
systems by staff1. The same survey shows that
there has been a significant rise in the cost of
31% Of The Worst Security
Breaches In 2014 Were
Caused By Human Error
The top two information management priorities
for businesses are avoiding data breaches and the
consequences of non-compliance.
1 Information Security Breaches Survey 2014 - UK Department for Business
Chapter 1 of this eBook looked at
Return on Information and the importance of
reducing your records’ burden in order to free up
office space and improve access to information.
An enforceable records retention schedule can
help you do both – and achieve compliance.
Data protection regulations are perhaps the
most significant in terms of penalties with fines
of up to approximately $760,000 for serious
When it comes to data losses, especially where
sensitive customer information is involved, the
fine can be the least of your worries. Reputational
damage can cost you far more in the long run.
90% of companies that suffer a significant data
loss go out of business within two years3.
2 UK Information Commissioner’s Office
3 London Chamber of Commerce