Printer Friendly

New risk maturity index emerges from study.

A recent Pricewaterhouse-Coopers (PwC) study found that most organizations (almost 60%) in Europe and North America are aware of the importance of their information and its role in gaining competitive advantage. The challenge is protecting it from internal and external threats without sacrificing its access and value within the organization.

"The repeated emphasis from regulators, advisors, and risk-managers on data protection and information safeguarding has become the holy grail of data management," observed PwC analysts in the report. "Unfortunately, this company-wide focus on security has kept organizations and their boards from sharing and distributing data and information within the organization to maximize its value."

The study, commissioned by Iron Mountain, is in its third year, but this is the first year it presented the results in a risk maturity index. The index gauges the extent to which businesses implement and monitor a set of 34 measures to manage and protect information assets. These measures fall into four groupings: strategy, people, communications, and security. To receive a high individual index score, an organization must not only implement the measure but also monitor its effectiveness. The four levels of risk maturity are:

* Unprepared for Risk--Organization is severely exposed to information risk. It likely does not have an information risk strategy in place, and senior management is unaware of the potential impact to its business. (Score: 49 or under)

* Aware of Risk--Organization realizes it needs to manage risk but is uncertain about what to do or remains ill-equipped to tackle the threat. (Score: 50-79)

* Approaching Maturity Organization has established some measure and senior leaders are more aware. It has reduced its exposure but has not yet implemented a robust strategy. (Score: 80-99)

* Equipped for Risk--Organization has implemented a responsible approach that encompasses strategy, people, communications, and security from top to bottom. It monitors, evaluates, and improves its approach to effectively manage its exposure to risk. (Score: 100)


Larger organizations (2,500+ employees) are outperforming mid-size organizations (250-2,500 employees) in this effort, with Europe leading the United States. Businesses in Norway stand out from the other countries (United States, Canada, France, United Kingdom, Germany, Spain, the Netherlands, and Hungary), followed by France and Canada. According to the report, businesses in these countries stand apart from the others because they understand the importance of monitoring the effectiveness of their strategies and making the necessary changes to keep ahead of the risk. At the sector level, energy and pharmaceutical businesses lead the way in information risk strategy in both Europe and North America.

Those organizations that are leading the pack and approaching maturity are focused on monitoring the success of their policies and programs and adapting to the evolving landscape. They are more likely to have prioritized leadership, communications, and analytic skills in future growth plans. Further, they protect their data well but also use that data to drive growth through innovation.

"The key to the success of information risk initiatives is to build both the policy and the evaluation into the day-to-day processes," PwC concluded. For some organizations, this may require a significant cultural shift.
COPYRIGHT 2014 Association of Records Managers & Administrators (ARMA)
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2014 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:INFO GOVERNANCE
Publication:Information Management Journal
Geographic Code:1USA
Date:Sep 1, 2014
Previous Article:Europeans call for a single copyright.
Next Article:Needed: cybersecurity professionals.

Terms of use | Copyright © 2017 Farlex, Inc. | Feedback | For webmasters