European firms not willing to work with companies that suffer a data breach

Published at 00:01 AM on 21 June 2013

Iron Mountain and PwC study reveals this view is often held by firms that expect to lose data themselves

More than half (58 per cent) of European mid-sized firms say they would refuse to do business with a company that had suffered a data breach, despite the fact that 41 per cent believe data loss is just an inevitable part of daily business. That’s according to a new report by storage and information management company Iron Mountain and PwC.

The 2013 Information Risk Maturity Index shows that, even as European companies are experiencing a 50 per cent per year increase in data breaches [1], their approach to information management is defined by confusion, inconsistency and double standards.

This is the second annual publication of the Information Risk Maturity Index, which measures how prepared European mid-tier companies are to manage and respond to information risk.

The study found that, while 68 per cent of companies recognise that a responsible attitude to information is critical to business success, 47 per cent say their Board does not see data protection as a big issue and 43 per cent say their employees hold the same view.

In addition, while 44 per cent expect the risk of a data breach to increase, 60 per cent believe that cutting costs is more important than reducing exposure to information risk. Less than half (45 per cent) have an information risk strategy in place and measure its effectiveness, and 38 per cent have a plan but do not know whether it works or not. More than half (54 per cent) say the pace of change in information risk is so staggering that they will never keep up with it.

Christian Toon, Risk and Security, Iron Mountain said: “There is a growing gap between attitude and action at a time of increasing complexity and rising threats to information security. Businesses are unsure what to do or where to turn. It is critical that they adopt a responsible approach to information management, not just to deserve and preserve their brand reputation and customer loyalty, but to ensure that other firms will want to keep doing business with them.”

PwC surveyed senior managers at 600 European businesses with 250 to 2,500 employees in the legal, financial services, pharmaceutical, insurance and manufacturing and engineering sectors.

The results, assessed for France, Germany, Hungary, the Netherlands and Spain show that the average Information Risk Maturity Index score for European companies in 2013 has increased to 56.8, compared to 40.6 in 2012, set against a score of 100. In 2012, the UK held the position of Europe’s worst performer in managing information risk, occupying the lowest index score. In 2013, it has moved up the rankings, overtaking Spain and France to fourth best performer, just behind Germany. The ‘people’ and ‘security’ based measures amongst the UK mid-market have increased in comparison with 2012, but the UK mid-market continues to struggle with the communications and strategic elements required to be fully equipped for information risk.

While the index suggests significant improvement has been made, businesses in the UK – indeed all those across Europe – have a long way to go before they can achieve truly acceptable levels of information risk management.

Claire Reid, PwC Risk Assurance partner says: “Too many European companies continue to undervalue their information assets and overestimate their ability to protect them. This is no longer a lack of awareness; it’s a lack of action. Information underpins market position and customer confidence, and any kind of information loss can deliver catastrophic reputational damage.

“As information breaches increase at a spectacular pace, European companies need to understand that failing to take action to safeguard information means they will almost certainly become a victim.”

A summary of the report, Beyond Awareness: the Growing Urgency for Data Management in the European Mid-market, can be found at .


Notes to Editors:

1. All data for ‘UK and elsewhere in Europe’, taken from 2013 Information Security Breaches Survey, PwC for Department of Business Innovation and Skills, April 2013

About IronMountain:

Iron Mountain Incorporated (NYSE: IRM) is a leading provider of storage and information management solutions. The company’s real estate network of 64 million square feet across more than 1,000 facilities in 35 countries allows it to serve customers around the world. And its solutions for records management, data backup and recovery, document management and secure shredding help organizations to lower storage costs, comply with regulations, recover from disaster, and better use their information for business advantage. Founded in 1951, Iron Mountain stores and protects billions of information assets, including business documents, backup tapes, electronic files and medical data. Visit for more information.

For more information contact:

Stephanie Howel

Advisory PR Manager, PwC
Tel: 020 7213 2421
Mobile: 07734 456 098


About PwC

At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 157 countries with more than 208,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at

PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see for further details. © 2016 PwC. All rights reserved

« PwC comments on BIS committee's calls for mandatory pay audits | Homepage | Companies’ progress in reducing their pensions burden has stalled, says PwC research »

  • Contact us
  • +44 (0) 20 7213 1768

Specific and out of hours contacts