LONDON, MAY 18, 2010 – Recommind, the leader in search-powered Information Risk Management (IRM) software for enterprises and law firms, today announced the results of its information risk research*, revealing a stark disconnect between organisations’ awareness of the risks associated with electronically stored information (ESI) and their ability to address the situation with adequate budget.  Many organisations recognise the challenges that they face in the here and now – however, the research shows that most still are not taking action to reflect these strategic information risk concerns, creating a situation rife with danger in the current political and economic environment.

When it came to implementing a strategic approach to information risk, compliance and regulations were the most important consideration for 83 percent of organisations.  In contrast though, just 38 percent of those surveyed are focusing the majority of their information management budget for 2010 on compliance. 

“While it is reassuring to see an increase in the number of organisations aware of information risk, it’s incredibly worrying that this awareness hasn’t triggered more enterprises into acting to mitigate against it,” said Simon Price, European director at Recommind.  “Inevitably this action is going to come too late for many organisations, and when this happens, these companies will have left themselves wide open to serious consequences including hefty financial penalties, exorbitant legal costs and loss of stakeholder confidence due to a lack of early action.”

The research, conducted in conjunction with InfoRiskAwareness.co.uk, a new project and website dedicated to raising awareness of information risk issues, also highlighted that data breaches are the biggest concern – 91 percent of organisations saw this as the biggest risk to their corporate information today.  However, just 55 percent stated this was a key determining factor in their information risk strategy moving forward – clear evidence of a “changing of the guard” underway with respect to enterprises’ top information risk concerns. 

While the business world has a more solid understanding of network security – an IT issue which has evolved into a board level concern over the past decade – growing concerns such as compliance and eDisclosure are still relatively new phenomena in the UK.  Even in the financial sector, where regulation is rife, just 52 percent of respondents considered compliance a major risk associated with their corporate information, compared with 92 percent when asked the same question about data breaches.

“Given the current regulatory climate and the expectation that there’s a lot more legislation still to come, information risk as a result of lack of compliance or eDisclosure should at least be taken as seriously as network security, if not more so,” continued Price.  “With incidents like those facing Toyota and Goldman Sachs dominating the headlines, their information management oversights should serve as a stern wake-up call to all UK organisations.  Just as high-profile hacking attacks have succeeded in severely damaging companies of all sizes both from a financial and reputational point of view, unless there is an immediate change in attitude – backed by action – towards information risk, these same businesses could well be caught off guard by compliance events in the near future.”

Email management is a surprisingly low priority for businesses when it comes to allocating their information management spend.  Only 17 percent cited this as a key area, whereas 38 percent were focused on document management and enterprise search.  Social media and Web 2.0 is another area that is still largely overlooked with just seven percent factoring this into their 2010 budgets.  In contrast, 35 percent saw this as one of the biggest risks associated with their information, and 42 percent stated that the increased use of such tools in the workplace was a key influence in their approach to information risk.

“It seems that most businesses think they have their email management under control, but when we consider the sheer volume of information contained in these archives, it’s clear that this should still be a top priority,” said Price.  “Without this, companies won’t have an accurate grasp of what’s happening within their organisation – which could not only leave them vulnerable to data breaches but could also have serious financial consequences.  For example, if they are required to produce information in court or for an investigation, it could cost millions to scour through the archives and find this exact information in the quick turnaround required. 

“With social media uptake showing no signs of slowing, businesses can no longer afford to ignore it – in fact by doing so, they could be putting themselves at even greater risk,” added Price.  “Given the prevalence of these tools, and their increasing relevance in regulatory investigations, social media and Web 2.0 need to be incorporated into corporate information management policies now.  One of the major challenges with this is that budget cycles are typically five or more years, and with so much change happening every month, let alone every year, information risk needs to be assessed on an ongoing basis.”

Despite the apparent disconnect between budgetary priorities and key concerns, 79 percent of organisations already have or are thinking of putting an information risk strategy in place, suggesting that the overall issue is a priority.  When considering just the financial sector, this figure rises to 96 percent, strongly suggesting this industry is ahead of the game.  Recommind notes that this may be partly due to the extremely sensitive nature of the information these organisations hold, but that equally the sheer level of regulation to which these organisations are subject plays a key role.  With more regulation on the way – which will affect all enterprises – there are key lessons that other organisations could learn from their counterparts in the financial industry.

“Information risk is a key issue for all organisations and it’s encouraging that so many are taking it seriously,” said Bobby Balachandran, president and CEO at Exterro, Inc., also an InfoRiskAwareness project partner.  “However, many still consider proactive approaches to managing information risk as optional – this is dangerous.  With regulation on the rise, it’s now essential for businesses to have complete and utter control over all their information as well as the ability to effectively manage legal governance, risk and compliance processes as quickly and efficiently as possible.”

*Information risk research was conducted by Vanson Bourne and surveyed 200 CIOs within large UK organisations across several vertical sector industries in April 2010

About Exterro
Exterro, Inc. is the recognised leader for legal governance, risk management and compliance software solutions.  Exterro’s solutions enable legal, IT and records management teams to control risks, reduce costs, enforce compliance and streamline processes by tightening collaboration between outside counsel, in-house legal teams, cross-platform business units, service providers and resources.  The complete Fusion platform provides an end-to-end legal governance, risk assessment and information management solution.