MELBOURNE, 20 June 2018 – Businesses in Australia need to lift their game if they are to meet the high expectations of their customers around information security. That is the message from the 2018 Shred-it State of the Industry Report which identifies a disconnect between the expectations consumers have of service providers when it comes to managing their personal information securely, and the level of preparedness of these organisations.
The annual study exposes information and data security risks currently threatening Australian enterprises and small businesses and includes survey findings from the Shred-it Security Tracker.
The last year has been a turbulent one, with a number of consumer data breaches or mishandling of personal information, such as Cambridge Analytica, and growing concerns about privacy. “In this environment, business leaders need to reassess how they protect their customers and organisation from potential security risks and breaches,” says Tom Bell, Country Manager, Shred-it Australia.
The research also surveyed consumers and showed that the vast majority of Australians feel that data protection is extremely important when making decisions about choosing service providers in key industries, such as banking (93 percent), mobile or internet (89 percent), legal (87 percent) and health care (84 percent).
Alarmingly, the report highlighted a lack of understanding among businesses around legislative requirements and a need for organisations to invest more time and resources to equip their staff to adequately protect confidential information in an evolving workplace. Despite their legal obligations, only 50 percent of all respondents have a strong understanding of these requirements. When it comes to having policies for storing and disposing of confidential data on electronic devices, only 32 percent have a policy that is strictly adhered to and 50 percent have no policy at all.
Even when an organisation has comprehensive policies in place, these are only effective if employees are confident and diligent in their application. Yet, mirroring a lack of procedures, training is not being done adequately. Across the board, only 55 percent train their staff on information-security procedures or policies. Seventy-two percent of small business owners (SBOs) report training staff only on an ad hoc basis, which is a step backwards from 59 percent in 2016.
“In an age of digital communication, the importance of physical materials, such as paper, is sometimes overlooked,” said Mr Bell. “For instance, our research shows that across all respondents, only 45 percent have a policy that is strictly adhered to and 39 percent have no policy at all for storing and disposing of confidential paper documents.
Yet, 59 percent think paper use will stay the same or increase over the next year, leaving organisations vulnerable to the loss or theft of paper-based private information.”
Australian businesses are facing significant challenges, combined with an increasingly stringent and complex regulatory environment, with mandatory reporting of breaches under the Notifiable Data Breaches (NDB) scheme and the new EU General Data Protection Regulation (GDPR) framework.
The likelihood of eroded customer and community trust resulting from a breach of privacy information is a major business risk. The troubling first quarterly report by the Office of the Australian Information Commissioner in April revealed that in just the first six weeks of the new legislation, there had been 63 notifications of breaches¹.
In an environment of heightened sensitivity to privacy and security of data, business owners and organisational leaders are under pressure to meet not just their legal obligations, but also consumer and community expectations. This research shows that customers will reconsider their choice of service provider if they are not perceived to be managing and protecting their data well.
“The research offers a wake-up call to organisations responsible for information security,” concluded Mr Bell. “Businesses need to act now to put in place the policies, practices, training and above all, a culture, to deliver on information security. Their reputation, trust among customers and ultimately, their business success, may depend on it.”
For more information:
Sauce Communications (for Shred-it)
T: 0427 006 404
Shred-it is a world-leading information security company providing information destruction services that ensure the security and integrity of our customers' private information. A wholly-owned subsidiary of the US-based business-to-business services company Stericycle, Shred-it operates in 170 markets throughout 19 countries worldwide, servicing more than 400,000 global, national and local businesses. For more information, please visit www.shredit.com.au.
About the 2018 Security Tracker Study
Ipsos conducted a quantitative online survey of two distinct sample groups: Small Business Owners (SBO) in Australia (n=1,003) with fewer than 100 employees, and C-Suite Executives in Australia (n=100), with a minimum of 100 employees. Data for Small Business Owners is weighted by region. Data for C-Suite Executives is unweighted as the population is unknown. The precision of Ipsos online surveys is calculated via a credibility interval. In this case, the Australia SBO sample is considered accurate to within +/- 3.5 percentage points had all Australian small business owners been surveyed, and the Australia C-Suite sample is accurate to within +/- 11.2 percentage points had all Australian C-Suite Executives been surveyed. The fieldwork was conducted between April 9th and April 21st, 2018.
In addition to the quantitative online survey, Ipsos conducted a short omnibus survey among a general population sample of n=1,000 Australians about data protection and security.
¹ Notifiable Data Breaches Quarterly Statistics Report: January 2018 – March 2018, OAIC