Confidential information at greatest risk in new businesses

Bad information management practices leave fledgling business over exposed to risk of cyber security breaches.

Businesses under five years old are twice as likely to compromise the confidentiality of sensitive information than more established businesses. This is one of the findings of recent research into management and security practices in the mid-market, commissioned by leading storage and management services company Iron Mountain.

The in-depth study of mid-market businesses across Europe and North America finds that staff at recently established organisations expose their businesses to risk because they are less careful with critical business data.

Nearly half (48 per cent) of those surveyed admit they had left sensitive documents lying about the office, had mislaid them completely or had lost them in a public place. This is twice as many as staff at more established firms, where fewer than one in four (23 per cent) had made similar management mishaps.

Protect your information

Younger businesses are considerably less clear on how long they are legally required to retain documents such as tax records, contracts and customer data, making these organisations more likely to put the safety of this information at risk.

For example, more than half (59 per cent) of business professionals at companies between one and five years old admit they could be keeping sensitive human resource records beyond their retention deadline, exposing the business to the threat of reputation damage and fines from information regulators. This is compared with just 20 per cent at firms with more than 25 years in business.

Yet young firms are doing little to address the situation, preferring instead to prioritise expansion into new markets (80 per cent) or product development (54 per cent). The majority (76 per cent), for example, have no plans in place to automate key information management processes such as HR. They are also less adept than older firms at managing data protection procedures or extracting value from their information.

When asked about their processes for regulatory compliance in data handling, just a third (32 per cent) of respondents at firms under five years old say their processes are ‘relevant and easy to comply with’. By comparison, 46 per cent of respondents at firms aged 25 years and over say the same.

Similarly, just over a quarter (28 per cent) of those at younger firms says they have effective processes in place to monitor where their information is most valuable, compared to two fifths (40 per cent) of respondents at older businesses.

Keep your bad habits in check

Elizabeth Bramwell, director at Iron Mountain says, ‘The first five years of a business’s life are often dedicated to rapid growth as the organisation establishes itself in the market. The start-up phase is a busy one, so it’s perhaps understandable that information management mistakes are more likely to happen during this time.

‘However, whether you’re a new or an established business the law is the law, so it’s vital that confidential information is protected. If bad information habits are left unchecked and effective processes aren’t put in place, young businesses face severe legal and reputation consequences that could fast erode customer confidence and threaten the very survival of the business.’

Previous research from Iron Mountain and PWC suggests that many mid-market companies experience an ‘information epiphany’ when the products or services with which they launched the business start to approach their end-of-life, which normally happens around the five to seven years stage.

According to this research, over a third (38 per cent) of younger firms don’t know how information flows through the business, compared to 22 per cent of those aged six and over. To take a more mature approach to handling and harnessing the value of information, young businesses need to put effective information management processes in place from the start, which can then become part of their company culture as they grow.

Further reading on information security

Owen Gough, SmallBusiness UK

Freddie Halvorson

Owen was a reporter for Bonhill Group plc writing across the and titles before moving on to be a Digital Technology reporter for the

Related Topics

Data Security

Leave a comment