Shred-it 10th Anniversary Data Protection Report Shows Canadian Businesses Should Step Up Data Security Measures to Bridge the Gap in Consumer Trust

Shred-it's 2020 Data Protection Report reveals the emphasis on employee security training and policies has declined, despite continuous data breaches

OAKVILLE, ON, Oct. 26, 2020 /CNW/ - Today, Shred-it, a leading information security service provided by Stericycle Inc. (Nasdaq: SRCL), released its 10^th Anniversary Edition Data Protection Report (formerly known as "The Security Tracker: State of the Industry Report"), revealing an overly confident perception of information security practices within Canadian businesses at all levels. Based on a survey conducted by Ipsos, the findings shed light on trends in data protection practices and the risks Canadian businesses, organizations, and consumers face related to keeping their data secure.

The Data Protection Report found that external threats and physical property loss are the biggest information security threats to Canadian businesses. Yet, emphasis on employee training and policies has declined in 2020. With increased consumer expectations, it is more important than ever for businesses to rethink their information security training and policies. This decline could pose issues for businesses, as 86% of consumers indicated that physical and digital security is a top priority for them when choosing who to do business with.

The findings reinforce the need for business owners to have data protection policies in place as threats to data security, both physical (including paper documents, laptop computers and external hard drives) and digital (including malware, ransomware and phishing attacks), have outpaced efforts and investments to combat them. The report, which was completed prior to COVID-19, also exposes that more focus is needed around information security in the home, where C-suite executives (C-suites) and small business owners (SBOs) feel the risk of a data breach is higher.

While advancements in technology have allowed businesses to move their information to the cloud, only 6% of C-suites and 14% of SBOs operate in a paperless environment. Businesses still consume vast amounts of paper, dispelling the myth of offices going digital and signaling a need for oversight of physical information and data security.

Having policies in place can mitigate the risk of physical security breaches

C-suites (18%) and SBOs (21%) indicated that physical loss or theft of sensitive information is the biggest information security threat facing their business. Although 93% of C-suites and 58% of SBOs have a known and understood policy for storing and disposing of confidential paper documents, only 62% of C-suite employees and 40% of SBO employees strictly adhere to the policy. In addition, 44% of SBOs have no policy in place for disposing of confidential information on end-of-life electronic devices. 

While the work-from-home trend has risen over the years, the COVID-19 pandemic abruptly launched employees into work-from-home status, many without supporting policies. The majority of C-suites (76%) and SBOs (51%) had employees who regularly or periodically work off-site. While 83% of C-suites and 64% of SBOs agree the risk of a data breach is higher when their employees work off-site as opposed to in the office, just two thirds (64%) of C-suites and 36% of SBOs have remote work policies in place that are strictly adhered to by employees.

"As we adjust to our new normal in the workplace, or at home, it's crucial that policies are adapted to align with these changes and protect sensitive information," said Cindy Miller, president and chief executive officer for Stericycle, the provider of Shred-it information security services. "As information security threats grow, it's more important than ever that we help businesses and communities protect valuable documents and data from the risks of an information breach."

Better training on security procedures and policies is needed

Lack of frequent training could be causing adherence issues with 35% of C-suites and 16% of SBOs admitting they offer training at least twice per year on their organization's information security policies and procedures. Additionally, infrequent training could make organizations more vulnerable to security attacks. While nearly all (95%) C-suites and more than half (57%) of SBOs say they conduct some form of employee training on cyber-attack tactics, such as phishing, ransomware or other malware, a statistically higher proportion of employees (10%; up 4% from 6% in 2019) have fallen victim to these scams in 2020 than 2019.

"As a society, we are facing new information security challenges every day, from the rise of remote working to increased consumer concern," said Michael Borromeo, vice president of data protection for Stericycle, the provider of Shred-it information security services. "To protect businesses now and for the long haul, it's instrumental that leaders reevaluate information security training and protocols to adjust to our changing world and maintain consumer trust."

Additional findings from the report include:

While many Canadian businesses feel they are getting better at protecting sensitive information, declining consumer trust and increased expectations may impact the bottom line

• 66% percent of consumers are concerned that paper documents with their confidential information exist, and 83% of consumers are concerned that private, personal information about them is hosted somewhere on the internet.
• If a company they did business with suffered a data breach and their personal data was compromised, consumers would tell others about the breach (31%), lose trust and demand to know what is being done to prevent future breaches (23%), seek compensation (23%) or stop doing business with them (24%).

Remote work has increased over the years, but information security policies are lacking

• Prior to the COVID-19 pandemic, 76% of C-suites and 51% of SBOs had employees who regularly or periodically worked off-site.
• Ninety percent of C-suites and 64% of SBOs believe that the option to work remotely will become increasingly important to their employees over the next five years.
• While 53% of SBOs have a policy in place for storing and disposing of confidential information when employees work off-site, only 36% of SBOs indicate that their policy is strictly adhered to by all employees. Forty-two percent of SBOs state that no policy exists at all.
• Eighty-three percent of C-suites and 64% of SBOs agree the risk of a data breach is higher when employees work off-site than when they work at the office.

To learn more about how organizations can better protect their business against data breaches and receive additional survey findings, download Shred-it's 2020 Data Protection Report here.

About the 2020 Data Protection Report

Shred-it commissioned Ipsos to conduct a quantitative online survey of small business owners (SBO) in Canada (n=900) with fewer than 100 employees and C-suite executives in Canada (n=157), with a minimum of 100 employees. Data for small business owners is weighted by region. Data for C-suite executives is unweighted as the population is unknown. The precision of Ipsos online surveys is calculated via a credibility interval. In this case, the Canada SBO sample is considered accurate to within +/- 3.7 percentage points had all Canadian small business owners been surveyed, and the Canada C-suite sample is accurate to within +/- 8.9 percentage points had all Canadian C-suite executives been surveyed. The fieldwork was conducted between February 27 and March 9, 2020.

In addition to the quantitative online survey, Ipsos conducted a short omnibus survey among a general population sample of n=2,000 Canadians regarding data protection and security. The credibility interval for this sample group is +/- 2.5 percentage points, 19 times out of 20, of what the results would have been had all adults in Canada over the age of 18 been surveyed.

About Shred-it

Shred-it is an information security service provided by Stericycle, Inc. Shred-it's leading information destruction solutions ensure the security and integrity of private and confidential information, protecting global, national and local businesses across 14 countries worldwide. For more information, please visit www.shredit.com.

Media Contact, on behalf of Shred-it: 
Blane McPhail
[email protected]

Stericycle Contact: 
Maria Lyubelsky
[email protected]

SOURCE Shred-it