The survey of 1,000 UK businesses, undertaken by researcher IPSOS, found that more than two thirds of UK small or medium-sized enterprises (SMEs) either never train their employees on company information security procedures and protocols (30%), or do so only on an ad hoc basis (38%).
The results come after last year’s enhancement of the powers of the Information Commissioner’s Office (ICO) to fine organisations up to £500,000 for serious breaches of the Data Protection Act. A total of 4% of companies reported actively changing their information management procedures as a consequence of the changes, while 58% of businesses said that they were not aware of the enhanced powers.
Robert Guice, executive vice president, EMEA, Shred-it, said: “Ignorance is no defence in the eyes of the law and UK businesses need to wake up quickly to the fact that failures to store and dispose of confidential information in a secure manner could have far-reaching and potentially financially damaging impacts upon their operations.”
The chief executive of the Forum of Private Business, Phil Orford, said: “It’s time companies got wise to the seriousness of data theft and the importance of protecting their information. Quite apart from the implications for the commercial viability of a business, failing to secure data properly could lead to a potentially huge fine.”
The survey also showed that 22% of firms classified themselves as either ‘not at all aware’ or ‘not very aware’ of their legal responsibility to keep secure confidential information relating to staff and customers, Shred-it said.