The survey, which sought the views of more than 500 IT and HR professionals, found that 45 percent of companies do not provide formal training to staff on handling corporate records and information and 46 percent have no plans to introduce any such training in the near future.
The report also reveals that almost a third (31 percent) of businesses choose not to train their employees specifically around the security of data.
“The fact that so many organisations do not formally train all their workers on managing records and information - including the handling of sensitive data - indicates that too many top executives don't fully comprehend the risk,” said Marilyn Bier, international executive director for ARMA International.
“Information is a critical corporate asset. It's also a major risk area. That realisation must start at the top.”
According to Bier, companies have a responsibility to train every single member of staff in order to stress the importance of information security.
“The failure to institutionalise data management training leaves an organisation vulnerable,” she said. “Policies alone are not enough. Each employee needs to understand why data protection is important to continued operation and the risks if it’s not done well.”
Study: Firms failing to train staff on data security
By Fiona Raisbeck on May 11, 2007 10:00AM