SCOTTISH businesses are less likely than firms in other parts of the UK to have put in place many critical data security policies and procedures, according to a new survey.
The information from Shred-it’s eighth annual State of the Industry Report, says Scottish businesses were less likely than businesses in other regions to have a general information security policy, with 36 percent having no information security policy in place at all.
This is a higher proportion than London at 17 percent, Wales at 19 percent, the South on 24 percent, the North on 29 percent and the Midlands on 34 percent.
Scottish businesses are the least likely, by some margin, to have a policy requiring employees to report an information security issue.
Two-thirds of Scottish businesses admit to having no policy at all, compared to around half in the rest of the UK.
In addition, nearly half of Scottish companies admitted that they had no data security protocols in place for employees working off-site, far more than in any other region.
Just a quarter of London-based firm had this failing, while the North, the Midlands, and the south saw a third of firms failing here, and Wales saw two fifths failing.
Scottish businesses also ranked worse in terms of data security practices in the two areas.
The first was having a known and understood policy on storing and disposing of confidential information – nearly half of Scottish businesses say they do not have one at all.
The second was training staff on information security procedures – a third of Scottish firms say they have never trained their staff in this area
The annual study exposes information and data security risks currently threatening UK enterprises and small businesses and includes survey findings from the Shred-it Security Tracker.
Ipsos conducted a quantitative online survey of three distinct sample groups in the UK – 1,000 small business owners, over 100 executives of large organisations. and more than 1,100 consumers/employees.
The study also shows nearly a third of UK companies that have suffered a data breach have terminated an employee’s contract for related negligence.
Neil Percy, vice-president market development and integration at Shred-it, said: “It might feel like rough justice for employees to be held to account when training is not comprehensive
“But it reflects how difficult this process is, even for businesses with extensive resources.
“There may also be an assumption that some elements are common sense.
“But that potentially belies how easy it is to be duped by skilled phishers and hackers, or even to lose confidential info during the course of a busy day. Mindfulness is key and training helps.”
“The lack of ubiquitous training on the EU’s General Data Protection Regulation (GDPR), for example, suggests that a large proportion of the British workforce is not appropriately trained for the kinds of safeguards necessary under GDPR.”
Around half the larger firms surveyed reported employees have lost company mobile phones and company laptops while working off-site. Three quarters of the big firms had policies for storing and disposing of sensitive data for staff off-site, but more than half of small firm bosses said they do not have a policy in place at all.
Fieldwork for the study was done from April 9 to April 23, 2018.
Why are you making commenting on The National only available to subscribers?
We know there are thousands of National readers who want to debate, argue and go back and forth in the comments section of our stories. We’ve got the most informed readers in Scotland, asking each other the big questions about the future of our country.
Unfortunately, though, these important debates are being spoiled by a vocal minority of trolls who aren’t really interested in the issues, try to derail the conversations, register under fake names, and post vile abuse.
So that’s why we’ve decided to make the ability to comment only available to our paying subscribers. That way, all the trolls who post abuse on our website will have to pay if they want to join the debate – and risk a permanent ban from the account that they subscribe with.
The conversation will go back to what it should be about – people who care passionately about the issues, but disagree constructively on what we should do about them. Let’s get that debate started!
Callum Baird, Editor of The National
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules hereLast Updated:
Report this comment Cancel