
The report also reveals that almost a third (31 percent) of businesses choose not to train their employees specifically around the security of data.
“The fact that so many organisations do not formally train all their workers on managing records and information - including the handling of sensitive data - indicates that too many top executives don't fully comprehend the risk,” said Marilyn Bier, international executive director for ARMA International.
“Information is a critical corporate asset. It's also a major risk area. That realisation must start at the top.”
According to Bier, companies have a responsibility to train every single member of staff in order to stress the importance of information security.
“The failure to institutionalise data management training leaves an organisation vulnerable,” she said. “Policies alone are not enough. Each employee needs to understand why data protection is important to continued operation and the risks if it’s not done well.”