Information Economics: The Intersection OF Value,Risk And Cost
Information Economics is managing and leveraging information created and received by an
organization with a view to the bottom line. Every business needs an enterprise-wide information
strategy that aims to reduce risk, ensure compliance, lower costs, and now with the emergence of
big data, prepare for analytics. Information Economics provides a comprehensive and collaborative
strategy to help organizations optimize information value and limit risk at every stage from the initial
creation of records and information across their active life, right through to secure destruction.
Risk Aware And Prepared
In the previous chapters of this eBook, we’ve looked at how to secure a Return on Information by extracting maximum value from your records and information. We’ve also explored minimizing costs by retaining records you’re legally obligated to keep and putting the rest in permanent storage or arranging for secure destruction. But not every aspect of Information Economics can be transparently assessed in terms of cost or savings.
Mitigating Information Risk Is Essential To Extracting Maximum Value
Information risk might seem difficult to quantify economically, but avoiding information catastrophe must be a top priority as the consequences can be so severe. The need to mitigate risk however, must be balanced with an organization’s overriding need to allow its people the freedom to work efficiently, extracting maximum value from its information.
This chapter examines the individual threats and explains
how to plan a strategy to avoid disaster and get a positive Return on Information.
Information Risk: The Facts
One very insightful piece of research on information risk comes from top global business consultancy PwC and Iron Mountain. Their 2014 report, Beyond good intentions – the need to move from intention to action to manage information risk, analyzes research on 600 North American companies and a further 600 in Europe, all with
250 – 2,500 employees.
The Average North American Business Scores
On Readiness For Risk
The report defines best practice in minimizing information risk and quantifies performance against this benchmark using the Information risk maturity index. An index of 100 indicates that a business is equipped for risk, and the average index for North American businesses was found
to be 54.5, showing that the vast majority of companies are exposed to considerably greater risk than they need to be.
The catastrophic data breach is every company’s worst nightmare. While hacking is a serious threat, in PwC’s 2014 Global State of Information Security Survey, almost as many executives cited current employees (31%) as a likely source of an information security incident as hackers (32%).
31% Of The Worst Security Breaches In 2014 Were Caused By Human Error
Recent government research in the UK and North America shows that 31% of the worst security breaches in 2014 were caused by human error, with a further 20% due to deliberate misuse of systems by staff1. The same survey shows that there has been a significant rise in the cost of individual incidents.
1 Information Security Breaches Survey 2014 - UK Department for Business Innovation and Skills
Chapter 1 of this eBook looked at Return on Information and the importance of reducing your records burden in order to free up office space and improve access to information. An enforceable records retention schedule can help you do both – and achieve compliance. Data protection regulations are perhaps the most significant in terms of penalties, with fines of up to approximately $760,000 for serious breaches2.
When it comes to data losses, especially where sensitive customer information is involved, the fine can be the least of your worries. Reputational damage can cost you far more in the long run. 90% of companies that suffer a significant data loss go out of business within two years3.
2 UK Information Commissioner’s Office
3 London Chamber of Commerce