This week Stericycle released its 12th annual Shred-it Data Protection Report (DPR) entitled “The Vital Importance of Data Protection for Small Businesses.” Focusing on the information security landscape and the challenges of small businesses, the report reveals gaps and opportunities in data protection, education, and the regulatory landscape.
According to the Identity Theft Resource Center’s 2021 Annual Data Breach Report, data breaches are at an all-time high, surpassing the previous record set in 2017. Last year, physical breaches—including document theft—accounted for 43% of breached assets. The cost of data breaches is also on the rise with an average cost of more than $4 million, which could cripple a small business as they face potential regulatory actions and fines, legal fees, and the loss of customers. This year’s DPR confirmed that the majority (90%) of Small Business Leaders (SBLs) surveyed feel that it is harder than ever to keep their company’s sensitive data and information safe, with two-thirds reporting that they have spent more budget on data protection measures this year than ever before.
SBLs reported remote work (69%), employee turnover (63%), and supply chain vulnerabilities (60%) as the driving factors of data protection challenges and concerns today. Moreover, over half of the SBLs surveyed find it difficult to keep up with changing data and information protection regulations and do not have the adequate resources to navigate them.
Stericycle releases its 2022 Shred-it Data Protection Report during a time when small businesses are facing new and larger threats to data protection. After a global pandemic accelerated a shift to remote work environments for many organizations, more businesses are offering permanent remote or hybrid work options. The “Great Reshuffle,” a time of strong labor demand and low unemployment, led to high employee turnover across North America. With a swath of new employees working in a hybrid and decentralized work environments, there has never been a more important time, especially for small businesses, to prioritize data protection.
Business-critical insights from the report include:
Small Businesses Are Leaving Physical Data Vulnerable to Potential Breaches
- Despite the vast majority (91%) believing that physical and digital data protection are equally important, many SBLs (53%) believe digital risks are the greatest data protection risk to their business today.
- Only 27% of SBLs say they collect and destroy sensitive materials when no longer needed.
Education Is Key in Data Protection Efforts
- Only 58% of the SBLs said their companies require all employees to undergo mandatory information security training.
- Even with that training, SBLs surveyed reported a fear that their workforce still does not understand data protection best practices (67%) or how to navigate a potential data breach (66%).
Small Business Leaders Need Support to Navigate the Changing Regulatory Landscape
- 1 in 4 SBLs do not understand the various types of data and information protection laws and the ways businesses are subject to comply.
- 55% of SBLs believe they do not have adequate resources or support to navigate today’s data and information protection regulations.
The full 2022 Shred-it Data Protection Report provides actionable recommendations for small business leaders to help them keep their digital and physical data secure as well as best practices to remain educated about changes in data protection legislation. Access the full report here.
To learn more about how our Shred-it secure information destruction solutions can help you protect your business, please contact us to get a free quote and security risk assessment.