Shred-it, a leading information security service provided by Stericycle, Inc. (Nasdaq: SRCL), today announced the release of its 11th annual Data Protection Report (DPR), revealing key insights and expert perspectives on the ever-evolving information security landscape. Conducted during the COVID-19 pandemic and featuring responses from consumers and C-level executives as well as small and medium business owners (SMBs), the report—titled “No Longer Optional: Invest in Data and Information Security Now or Pay Later”—reveals gaps and opportunities for both physical and digital data protection.
According to the 2020 Year End Report by Risk Based Security, in 2020 more than 37 billion records were exposed to thousands globally— a 141% increase compared to 2019. And this year’s Data Protection Report confirmed that the industry is feeling that risk as one in four North American businesses fear that an attempted data breach is very likely for their company in the next 12 months. As well, approximately four out of 10 business leaders rate the risk of an attempted data breach in the next 12 months as a ‘four’ or ‘five’ on a five-point risk scale, with ‘five’ being the highest risk. And they likely are not prepared as more than 50% of business leaders do not have an incident response plan, making responding quickly to a data breach a challenge.
Data protection laws have evolved over the past 10 years to better protect consumer data and encourage businesses to take action to protect their confidential information. Several states, such as California, Colorado and Virginia, have recently adopted privacy laws with many other states working on comprehensive consumer privacy bills. In addition, Canada has already enacted the Personal Information Protection and Electronic Documents Act.
“It is clear that threats to information security will continue to grow, evolve and have serious impacts on businesses of all sizes from a regulatory compliance, reputational and financial perspective,” said Cory White, executive vice president and chief commercial officer at Stericycle. “But the good news is that there is a lot that businesses can do about it. Companies that are active and vigilant in their data protection can help safeguard their confidential information, which impacts the health and well-being of their bottom line and their brand. We are proud of our long tenure in helping companies do just that through our secure information destruction services.”
Business-critical insights from the report include:
With Increasing Regulations and Financial Risk, the Impact of Data Breaches Is Too Large to Ignore
- Among North American leaders, executive resignation or termination (U.S. 62%, Canada 54%) and legal issues (U.S. 40%, Canada 54%) were the most cited consequences of data breaches among large businesses.
- In addition, large businesses in Canada were more likely (42%) to cite damage to their reputation and credibility, as compared to their U.S. counterparts (27%).
Consumers Are Concerned about Data Security and Likely to Act if Theirs Is Compromised
- Consumers continue to take their personal information security very seriously, with most (U.S. 88% and Canada 90%) indicating the level of importance as “extremely high.”
- Consumers will take action if their data is compromised, with over 80% deciding who to do business with based on a company’s data security reputation.
Insider Threats Continue to Loom
- While malicious outsiders (55%) are sources of data breaches, in many cases, ‘trusted’ insiders—external partners (40%) and employee error (22%)—are as likely to have been the cause.
- Remote work will continue to impact security threats. Sixty-three percent of employees surveyed that work off-site regularly print work documents, and one in four of them simply dispose of their work documents in the recycling or trash.
“The results of this year’s report speak to the multifaceted security concerns that the pandemic has brought to the forefront for businesses across North America,” said Michael Borromeo, vice president of data protection for Stericycle. “Physical and digital data protection is essential to a company’s reputation and financial performance. Business leaders would do well to stay informed on consumer privacy laws as they evolve, know their data inside and out, and proactively prepare to protect it. With the right considerations, retaining consumer, stakeholder and employee trust is possible with holistic data protection measures.”
The full 2021 Data Protection Report provides actionable recommendations for business leaders to keep their data secure as well as an in-depth review of industry-specific practices throughout the healthcare, finance, professional services, insurance and real estate industries. Access the full report and multimedia assets here.