Information Governance Survey

November 14, 2013

According to research commissioned by Recommind, many companies admit shortfalls in their information governance policies, and over reliance on individuals to manage their own information. The independent research was carried out by Vanson Bourne in October 2013, interviewing 200 organisations from private sector organisations with more than 1000 employees. Interviewees came from Risk/Compliance, Legal, and IT departments in Financial Service, IT/telecoms, Retail, Manufacturing, Business and Professional Services, Transport, travel and logistics. Highlighted points include:

·        on average, these organisations have 63.8 petabytes of data, 41% of which was created in the last two years

·        94% of these organisations are experiencing challenges with their data

·        49% of organisations rely on end-users to manage their own information

Most SCL members will be surprised that only 94% of the organisations are facing data ‘challenges’. 

In the UK 75% of organisations claim to have a policy in place to manage their data but only 66% claim that their policies proactively serve to mitigate risks such as fraud, litigation, regulation and compliance. Since 49% are leaving the management of data to employees, they clearly cannot tackle the issue head-on to proactively reduce risk. 

Dean Gonsowski, global head of information governance at Recommind, comments:

‘It is this over-reliance on custodian-based governance that is giving organisations a false sense of security. While it’s positive that organisations recognize the need for information governance, many are still not taking the requisite steps to truly govern their information in a proactive manner.  In fact, many are still in the dark about governance and don’t even have a full sense of the data deluge they are currently facing. While firms such as J.P Morgan and HSBC are planning to spend billions of pounds and commit thousands of extra employees to aid their compliance efforts, this approach is largely reactive and still prone to human error and mistakes.”

Of the organisations surveyed, only 24% know how much data their company holds and, on average, it takes three hours for employees to retrieve specific information – this is  before they are even able to begin managing and analysing this data, as well as understand the risk it holds.

Gonsowski adds:

‘Systems and tools are now available that can drive auto-categorization of data coherently and comprehensively, removing reliance on individuals and eliminating the inherent inefficiencies. These technologies tackle large data volumes across systems and geographies, examining unstructured as well as structured data, all while giving companies better precision and recall. Enterprises are increasingly turning to data management tools and services that provide rapid indexing, search, and granular categorization capabilities to ensure measureable information governance.’ 

With only 10% of the businesses surveyed stating that deleting data will be a priority in 2014, the exponential increase in data is set to continue. In contrast, 44% of organisations are prioritising Big Data analytics in 2014. However, this will be difficult to achieve as businesses will be buried in information as a result of keeping too much data, which will not only make it more difficult for businesses to extract value, but will also increase risk, IT headaches and wasted time for employees, as well as contributing to spiralling litigation costs. 

In a similar study conducted in the US, Recommind found that 58% of businesses claim to have an IG policy, but 64% say their practices are only ‘somewhat effective’ and over half (52%) rely on end users to manage their own data. Other key findings included: 

·         82% of US organisations agreed that some form of auto-categorisation and tagging of data is a key component of effective information governance

·         86% agreed that auto-categorisation needs to be based on content not just keywords

·         86% agreed that a robust IG programme would reduce eDiscovery risks, and 73% said it would reduce eDiscovery costs

·         55% thought that a robust IG programme would reduce the amount of organisational data