SMEs taking slack approach to data security

Saying and doing are two different things, as proven by the UK's small and medium-sized enterprises (SMEs), whose lack of data security measures is putting their organisations at risk, according to a new study.

The research from Shred-it suggests that many business leaders are indeed aware of their legal data protection requirements, but are failing to take the necessary action to mitigate the risk.

According to the study, 98% of C-suite executives (C-suites) and 88% of SMEs business owners are clued-up on the Data Protection Act, but just half of C-suites (56%) and fewer than a third of SMEs (28%) are carrying out frequent information security audits.

However, it can even be argued from the findings that UK businesses are not as au fait with the data protection guidelines as they make out, with only half of SMEs stating they're 'very aware' of their legal requirements around storing.

That represents an increase of just 7% since the survey began in 2011 – although the figure was slightly better for C-suites, at 72%.

Commenting on the findings, Shred-it said it is high time UK businesses turned information security awareness into action, such as conducting frequent data security audits, training of staff, and disposing of unwanted confidential information.

"While it is encouraging to see data security awareness improve among UK businesses, it is simply not enough to be aware of the risks and legal requirements associated with information security; businesses in the UK must put this into action," stressed Robert Guice, executive vice president of Shred-it EMEA.

Guice added that SMEs are in "serious danger" of destroying existing relationships with larger firms – on which their business might be dependent – by not putting enough work into information security measures.