Confidential information at greatest risk in new businesses

Businesses under five years old are twice as likely to compromise the confidentiality of sensitive information than more established businesses. This is one of the findings of recent research into information management and security practices in the mid-market, commissioned by leading storage and information management services company Iron Mountain. The in-depth study of mid-market businesses across Europe and North America found that staff at recently established organisations expose their businesses to information risk because they are less careful with critical business data. Nearly half (48%) of those surveyed admitted they had left sensitive documents lying about the office, had mislaid them completely or had lost them in a public place. This is twice as many as staff at more established firms, where fewer than one in four (23%) had made similar information management mishaps.

Younger businesses are considerably less clear on how long they are legally required to retain documents such as tax records, contracts and customer data, making these organisations more likely to put the safety of this information at risk. For example, more than half (59%) of business professionals at companies between one and five years old admitted they could be keeping sensitive human resource records beyond their retention deadline, exposing the business to the threat of reputational damage and fines from information regulators. This is compared with just 20% at firms with more than 25 years in business.

Yet young firms are doing little to address the situation, preferring instead to prioritise expansion into new markets (80%) or product development (54%). The majority (76%), for example, have no plans in place to automate key information management processes such as HR. They are also less adept than older firms at managing data protection procedures or extracting value from their information. When asked about their processes for regulatory compliance in data handling, just a third (32%) of respondents at firms under five years old said their processes are “relevant and easy to comply with”. By comparison, 46% of respondents at firms aged 25 years and over said the same. Similarly, just over a quarter (28%) of those at younger firms said they have effective processes in place to monitor where their information is most valuable, compared to two fifths (40%) of respondents at older businesses.