Your SlideShare is downloading. ×
Information Risk Report
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Information Risk Report

440

Published on

Christian Toon's presentation from the launch of the 2013 PwC Information Risk Maturity Index. Each year PwC and Iron Mountain conduct research across Europe to identify trends and recommendations in …

Christian Toon's presentation from the launch of the 2013 PwC Information Risk Maturity Index. Each year PwC and Iron Mountain conduct research across Europe to identify trends and recommendations in data management and information risk across Europe. To view the full report and best practice for free visit http://www.ironmountain.co.uk/Risk-Management/

Published in: Business, Economy & Finance
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
440
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
6
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • (set scene from experience) I’ve been in the information management business for XX years . . And have seen companies, particularly, those in the enterprise space develop strategies to manage their information on a global scale. But a large swathe of companies of a smaller size have yet to put adequate policy and processes in place. I have seen the information landscape has transformed – it’s more complex and the mid-market is not prepared.
  • The report confirms this view. It is telling us that information, a valuable business asset, is difficult to manage in an increasingly complex and fast-changing information environment
  • It is not just about Big Data….
  • The lightening speed at which information is being created is breath taking.
  •   Update Social Media numbers: >918 corporate e-mail accounts worldwide >5,3 billion (the same) >400 million
  • To address the problem, businesses need to acknowledge that this is not an IT issue and make information management a senior-leadership issue that requires a board-level or C-suite response
  • The response should come not in the form of a digital fortress, but in the form of a business-wide culture of responsibility – part of what we are calling: “Corporate Information Responsibility”
  • To address the problem, businesses need to acknowledge that this is not an IT issue and make information management a senior-leadership issue that requires a board-level or C-suite response
  • To address the problem, businesses need to acknowledge that this is not an IT issue and make information management a senior-leadership issue that requires a board-level or C-suite response
  • To address the problem, businesses need to acknowledge that this is not an IT issue and make information management a senior-leadership issue that requires a board-level or C-suite response
  • The response should come not in the form of a digital fortress, but in the form of a business-wide culture of responsibility – part of what we are calling: “Corporate Information Responsibility”
  • Businesses need to understand the potential impact (financial and reputational) of not managing information risk - leadership has to come from the very top. A programme needs to be created and rolled out company-wide The third and most important point – it’s all about the people. And because it’s people – what is needed is a cultural change led from the top and with people at its heart. We call this Corporate Information Responsibility.
  • No one is managing their information at a satisfactory level . The average score in the risk index was 46 out of a potential 100. The score was consistently low –there is no hero in any country or sector. Less than a quarter were not aware whether or not they had experienced a data breach in the last three years.
  • Needs to be useful and valuable. Help build a business case
  • No one is managing their information at a satisfactory level . The average score in the risk index was 46 out of a potential 100. The score was consistently low –there is no hero in any country or sector. Less than a quarter were not aware whether or not they had experienced a data breach in the last three years.
  • 48% of organisations recognised that the appropriate management of information risk is linked to the protection of the reputation of the business. For me, that means 52% need to have another think – SONY, et al.
  • Whilst all of the countries surveyed require a huge step change in the way that they treat information risk, Hungary is in the strongest position, with businesses there more likely to have training programmes, clear guidance, codes of conduct and employee communication programmes in place. The UK is consistently below par on the people issues.
  • Deliberately not written BEST… no one is doing well. Financial services and pharmaceuticals are the strongest sectors with legal falling some way behind. If we take the pharmaceutical sector for example, this sector is typically protective of its Intellectual Property (IP) largely as a result of the strength of various patents, which may in part explain its stronger overall performance on our index. In a similar way, the financial services sector is highly regulated across Europe, with the impacts of data loss or mismanagement extremely high in terms of both reputational and financial costs. In contrast, the legal sector, whilst in possession of a wide range of data and information, usually clients rather than its own, is predicated on a tradition of original documentation. Legal companies are often highly reliant on such original documentation which may help to explain why its index score is comparatively lower than those sectors, including financial services and pharmaceuticals, which do not have such reliance to the same extent.
  • The biggest risk to information is behaviour and culture . A mere 1% consider information risk to be the responsibility of every employee. All too often businesses build a digital fortress to protect their data only to watch information walk out the door on paper or left on a printer for anyone to see
  • Against this backdrop of significant and rapid change. The risks for businesses are higher and the consequences more serious. There are three main risks: Threats to key info such as patents Inadvertent disclosure Financial liability
  • Against this backdrop of significant and rapid change. The risks for businesses are higher and the consequences more serious. There are three main risks: Threats to key info such as patents Inadvertent disclosure Financial liability
  • Transcript

    • 1. The Information Risk LandscapeChristian ToonHead of Information Risk© 2010 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design of the mountain are registered trademarks of IronMountain Incorporated. All other trademarks and registered trademarks are the property of their respective owners.
    • 2. ENVIRONMENTThe Information Risk LandscapeComplex andfast-changing
    • 3. The opportunities:business withoutboundariesThe obstacles:the everyday terrorof terabytesThe Information Risk LandscapeBIG DATA
    • 4. “Every day, we create 2.5 quintillionbytes of data — so much that 90% ofthe data in the world today has beencreated in the last two years alone.”(Understanding Big Data, IBM Whitepaper, 2012)The Information Risk LandscapeVOLUME: CREATION
    • 5. Every hour, enough information is consumed byInternet traffic to fill 7 million DVDs.The Information Risk LandscapeSIDE BY SIDE THEYDSCALE MOUNTEVEREST 95 TIMESVOLUME:CONSUMPTION
    • 6. 70%of the UK willhave 4G coverageby the end of 2013The Information Risk LandscapeSPEED
    • 7. The Information Risk Landscape£83The average priceof an entry levelsmartphone hasfallen toACCESSIBILITY
    • 8. The Information Risk Landscape1in4is now a‘threescreener’MULTI-DEVICE
    • 9. corporate email accounts worldwideThe Information Risk Landscape>918 MILLIONcontent pieces shared on facebook/month>30 BILLIONtweets/day>400 MILLION
    • 10. Even defining the basic rules of theroad around “document” and“record” is not always simple...The Information Risk LandscapeMORE COMPLEXREGULATIONS
    • 11. SO, WHAT DOES THIS MEAN FORINFORMATION MANAGERS?The Information Risk Landscape
    • 12. PwC Information Risk Index 2013Average score of 40.6 out of 100BUSINESSES ARE AT RISK53%of European businessesexpect to lose dataThe Information Risk Landscape
    • 13. PROCESSES ARE PAPERAND DIGITALThe Information Risk Landscape
    • 14. The Information Risk LandscapeDATA SWAMPYou need to better manage storedinformationAnd with a tight budget
    • 15. The Information Risk LandscapeRECORDSMANAGEMENTIs key to meeting legalretention periods
    • 16. The Information Risk LandscapePEOPLEYour best asset andyour greatest risk
    • 17. THE WORLD HAS CHANGED BUT HAVE WE?WHAT SHOULD WE FOCUS ON?The Information Risk Landscape
    • 18. The Information Risk LandscapeACTION POINT 1:Lead your organisation outof danger
    • 19. The BoardInformationManagementRisk & ReputationThe Information Risk LandscapeGet senior buy-inYou need to speakthe language ofthe board room
    • 20. The Information Risk LandscapeA change in behaviourand culture requiredCorporate culture
    • 21. The Information Risk LandscapeACTION POINT 2:Get a handle on the data swamp
    • 22. Implement a compliantrecords managementprogrammeThe Information Risk Landscape
    • 23. The Information Risk LandscapeCreate a retention policyand build into your RMprogramme
    • 24. The Information Risk LandscapeOperate a policy of controlled trustACTION POINT 3:
    • 25. The Information Risk LandscapeMake friends with otherbusiness functions
    • 26. CORPORATE INFORMATIONRESPONSIBILITYThe Information Risk Landscape
    • 27. The Information Risk LandscapeWHAT IS THEINFORMATION RISKMATURITY INDEX?StrategyPeopleCommunicationsSecurity
    • 28. WHAT WAS THEAVERAGE SCOREACROSS EUROPE?The Information Risk Landscape
    • 29. WHAT WAS THEAVERAGE SCOREACROSS EUROPE?The Information Risk Landscape40.6
    • 30. The Information Risk LandscapeWHAT IS THE RESEARCHTELLING US?
    • 31. The Information Risk LandscapeNo one is managingtheir information ata satisfactory level.
    • 32. The Information Risk Landscape48% haveexperienced impactsto reputation
    • 33. The Information Risk LandscapeThe Netherlands islagging behind
    • 34. The Information Risk LandscapeLegal is bottom ofthe pack
    • 35. The Information Risk LandscapeTHE BIGGEST RISK ISBEHAVIOUR ANDCULTURE1% considerinformation riskeveryone’sresponsibility
    • 36. The Information Risk Landscape• Patent protection• Inadvertent disclosure• Financial liabilityHIGH RISKS &SERIOUSCONSEQUENCES
    • 37. The Information Risk Landscape• They treat informationrisk as a boardroom issue.• They have a multi-disciplinary team in chargeof information risk.• They have a balancedinformation strategyand they monitor itseffectiveness.WHAT ARE THE BESTORGANISATIONS DOING?

    ×