The data watchdog’s new tough stance has failed to put the frighteners on most small businesses, which, according to a new study, are failing to take even the most basic precautions to protect confidential data.
Despite the threat of £500,000 fines and severe reputation damage, over half (59.8%) of the small and medium-sized companies surveyed for the Shred-it Security Tracker said they did not believe that the loss or theft of data from their organisation would have any impact on their business. And this is up 10% from the 2011 survey.
“This year’s findings are particularly worrying, as they show SMEs becoming increasingly lax about information destruction as they just do not see any consequences for poor security procedures,” said Robert Guice, executive vice-president, EMEA, at Shred-it.
This lack of concern could be the reason why over one-third of SMEs (35.4%) admitted that they had no protocols in place for the storage and disposal of confidential data. Over three quarters of respondents (76.6%) either do not provide any training for employees on company information security procedures (26.6%), or do so only on an ad hoc basis (50%).
The survey among 1,004 UK SMEs, undertaken by Ipsos MORI, also revealed a possible reason for the sector’s lack of concern about information security.
Nearly a quarter of SMEs (23.1%) admitted to being not very or not at all aware of the legal requirements for storing, keeping or disposing of confidential data in their industry. This compares poorly with businesses with more than 250 employees, where 94% of those responding said they were aware in some form of the Data Protection Act.
“What we are seeing is a lack of awareness of the legal requirements, and complacency about the likelihood of being prosecuted and fined for breaching them, really coming through into a worrying lack of control over the way information is stored and disposed of by small and medium-sized enterprises,” Guice added.