Confidential survey

by Mark Rowe

SMEs in the UK are putting their own businesses at risk and could also be damaging larger firms they supply services to by not taking enough preventative measures of confidential data. That is according to a UK information shredding firm.

New research from Shred-it suggests that SMEs are not taking enough care when managing and disposing of documents and hard drives. The data destruction firm has urged larger businesses in the UK to help SMEs they work with to improve their information security measures in order to maintain the integrity of their supply chain.

Robert Guice, Vice President Shred-it EMEA, says: “It’s good business sense for larger companies to ask whether their suppliers have a data protection partner and an information security system in place – not only to prevent sensitive information being lost by a third party but also because the financial and reputational damage of a breach could put that supplier out of business and cause havoc in the supply chain.”

According to the third annual Security Tracker survey, despite the threat of severe fines and reputational damage, SMEs still do not believe that a data breach would have a material impact on their business. This leads to them being 10 times less likely to have an information security system set up than is the case with larger businesses.

Guice says: “SMEs continue to hugely underestimate the potential cost of a data breach to them. In terms of financial loss, the Information Commissioner’s Office in the UK can fine companies up to half a million pounds, enough to send many companies into insolvency. We believe that smaller companies maybe over-estimating the costs involved in making sure confidential information is kept safe”.

The survey showed that:

•two in every five large businesses suffering a data breach have incurred losses of more than £500,000
•The average fine is about £150,000 – large enough for 30pc of companies to have to lay off staff as a result.

“Whilst larger companies may be able to absorb this cost, SMEs risk a huge hit to their bottom line and a tarnished reputation which can impact relationships with customers and other business partners” Mr Guice adds.

The company speaks of a worrying gap between the protocols in place between smaller and larger businesses. Whilst companies with revenue over £1m are eight times more likely to use a professional shredding company to dispose of their sensitive documents, 37 per cent of small businesses in the UK have no information security management system in place. Moreover, three in ten (28 per cent) small business owners have never provided any information security training to their employees.


Seventy seven per cent of larger businesses have an employee directly responsible for managing information security issues at management level (66 per cent) or board level (11 per cent) compared with less than half of SMEs (48 per cent). Furthermore, 95 per cent of large businesses have an employee devoted to data protection compared with only 53 per cent of small business owners, suggesting that larger businesses better understand the potential threat of data breaches and have put control systems in place accordingly.


•Only one in three (33 per cent) of senior business executives and just 4pc of small business owners admitted they employed the services of a professional shredding service
•Large businesses (88 per cent) are more than twice as likely to be aware of the EU Data Protection Directive reforms as small businesses (43 per cent).
•Although the gap is closer, large businesses are still more likely to be aware of the UK Data Protection Act (92 per cent) than small business owners (72 per cent).
•With more information being stored in electronic form, it is equally worrying that less than one quarter of large (23 per cent) and small businesses (25 per cent) crush their electronic media – which means the vast majority of UK businesses are inadvertently putting themselves and their customers at risk.
•Businesses could be giving away private information to fraudsters by not properly disposing of or destroying hard drives. Sixty seven per cent of large business and 49 per cent of small business owners wrongly think that degaussing or wiping a hard drive will remove confidential information kept on them.

About the survey

Ipsos MORI did a quantitative online survey of two distinct sample groups: 1,005 Small business owners in UK (all of which have fewer than 100 employees), and 100 C-suite executives working for businesses in the UK with a minimum of 250 employees.

The fieldwork was conducted April 16 to 23, 2013.

About Shred-it (

Shred-it offers document destruction services. The company operates 140 service locations in 16 countries worldwide, servicing more than 150,000 global, national and local businesses, including the world’s top intelligence and security agencies, more than 500 police forces, 1,500 hospitals, 8,500 bank branches and 1,200 universities and colleges.

Shred-it has branches in these UK locations: Belfast, Glasgow, Edinburgh, West Yorkshire, Chippenham, Waltham Abbey, Newcastle, Manchester, Birmingham, Milton Keynes, Portsmouth, Exeter, Stratford (London), Brentford, Nottingham, Cardiff; and a branch in Dublin.

Related News

  • Interviews

    China counterfeit call

    by Mark Rowe

    A trade body representing the holography industry is urging China’s manufacturers and authorities to redouble efforts to stem what it calls the…

  • Interviews

    ASIS president

    by Mark Rowe

    David “Dave” C Davis, CPP, is the 61st president of the US-based security management body ASIS International. Mr Davis, a senior division…

  • Interviews

    Vaylia CEO

    by Mark Rowe

    Vaylia CEO Paul Painter, pictured, describes himself as a serial entrepreneur, who loves this industry of ours and wants to bring back…


Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing