Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

09:00 AM
Dark Reading
Dark Reading
Products and Releases

American Businesses Deprioritizing Information Security

NEW YORK, NY, July 8, 2014 –The 4th annual security tracker, conducted by Ipsos Reid on behalf of Shred-it, reveals businesses are deprioritizing information security and decreasing their investment in the destruction of confidential information, marking the first decline since Shred-it’s first security tracker was issued in 2011 and a significant behavioral shift.

According to the study, 86 per cent of c-suite executives are aware of the legal requirements supporting the protection of confidential data, however one in five have never performed a security audit, down 13 per cent from 2013. The study also found that almost half of the small business owners surveyed conduct no regular audits of their security protocols, while 3 in 10 have never even performed an audit. Further, 33 per cent of c-suite executives acknowledge having both a locked console in the office for confidential documents; this is down 22 per cent from last year. The study also found that almost half of the small businesses owners surveyed have no protocol for storing and disposing of confidential information.

“In the 4 years we’ve been conducting this study, this is the first year we’ve seen a country deprioritize information security. This is alarming given the fact that companies are facing an increasing number of security risks and should be making information security a priority.” said Bruce Andrew, Executive Vice President at Shred-it. “It is more important than ever before that business leaders understand the financial and reputational implications when confidential documents fall into the wrong hands. Protecting information and preventing fraudulent activity doesn’t have to be an onerous task.”

Shred-it’s 4th Annual Security Tracker also found:

·         43 per cent of c-suite executives would encourage new privacy information laws requiring stricter compliance and larger enforceable penalties

·         C-suite executives who just throw sensitive documents into the garbage has increased to 10 per cent from 1 percent

·         70 per cent of small business owners and 30 per cent of c-suite executives don’t have a cyber-security policy in place

·         15 per cent of c-suite executives surveyed are likely to have never trained staff on security procedures, and are less likely to report on staff training occurring at least once a year. This is up 13 per cent from 2013

·         Only 38 per cent of c-suite executives admit to having an employee directly responsible for managing data security issues at the management level, this is down 23 per cent from 2013

·         C-suites are twice as likely not to have an employee responsible for managing data security issues in their workplace, up 11 per cent from 2013 


Information Security Insecurity

 The 2014 Security Tracker results also show that businesses of all sizes lack awareness about information security breaches, and they underestimate the potential financial and reputational implications. Four in 10 small businesses owners, and 2 in 10 c-suite executives, do not think lost or stolen data would seriously impact their business. Further, 1 in 5 small business owners and c-suite executives admit to not knowing how their business would be impacted in the event data was stolen or lost, while 2 in 10 c-suite executives admit to having experienced lost or stolen data resulting in a financial impact to their business.

“Businesses can no longer remain complacent. Procedures and protocols to protect information need to be established to ensure confidentiality of information,” says Andrew. “The study clearly shows us that business leaders are looking for more commitment from the US government and, given change takes time, we’re suggesting that business leaders take responsibility by doing all they can to establish a culture of security.”


The following simple steps can help organizations begin establishing a culture of security:  

·         Demonstrate a top-down commitment from management to the total security of your business and customer information

·         Establish a formal information security policy; train employees to know the policies well and follow them rigorously

·         Introduce a "shred-all" policy, where unneeded documents are fully destroyed on a regular basis; remove the decision-making process regarding what is and isn’t confidential

·         Introduce special locked containers instead of traditional recycling bins for disposing of confidential documents

·         Conduct periodic security audits. If you don't have the resources to implement a secure document destruction program, work with a reliable third-party vendor


- 30 -

About Shred-it:

Shred-it is a world-leading information security company providing information destruction services that ensure the security and integrity of our clients' private information. The company operates in 140 markets throughout 18 countries worldwide, servicing more than 300,000 global, national and local businesses. For more information, please visit www.shredit.com.

About Ipsos Reid:

Ipsos Reid is Canada's market intelligence leader, the country's leading provider of public opinion research, and research partner for loyalty and forecasting and modeling insights. With operations in eight cities, Ipsos Reid employs more than 600 research professionals and support staff in Canada. The company has the biggest network of telephone call centres in the country, as well as the largest pre-recruited household and online panels. Ipsos Reid's marketing research and public affairs practices offer the premier suite of research vehicles in Canada, all of which provide clients with actionable and relevant information. Staffed with seasoned research consultants with extensive industry-specific backgrounds, Ipsos Reid offers syndicated information or custom solutions across key sectors of the Canadian economy, including consumer packaged goods, financial services, automotive, retail, and technology & telecommunications. Ipsos Reid is an Ipsos company, a leading global survey-based market research group. To learn more, visit www.ipsos.ca.


About the 2014 Security Tracker

An independent survey conducted by Ipsos Reid and commissioned by Shred-it was conducted between April 28th and May 5th, 2014, with two distinct sample groups: Small business owners in the United States (n= 1,007), which have fewer than 100 employees, and C-suite executives in the United States (n=100), that have executives that work for companies with a minimum of 500 employees in the United States. 


Media contacts:

Jason Ip

NATIONAL Public Relations (for Shred-it)

T: 416-848-1704

E: [email protected]


Katarina Kristanic

Sr. Manager, PR & Communications Shred-it

T: 905-491-2250

E: [email protected]


Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
6 Small-Business Password Managers
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/8/2019
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-11-14
fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15.
PUBLISHED: 2019-11-14
Scanguard through 2019-11-12 on Windows has Insecure Permissions for the installation directory, leading to privilege escalation via a Trojan horse executable file.
PUBLISHED: 2019-11-14
Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS.
PUBLISHED: 2019-11-14
STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL.
PUBLISHED: 2019-11-14
SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaScript blocking setting, which leads to unintended JavaScript execution via a chain of webpage redirections targeted to the user's browser configuration.