Manufacturing firms struggle to get to grips with information risk

Posted on 19 Dec 2013 by Tim Brown

Manufacturing is a sector rich in business critical information but as Phil Greenwood, of Iron Mountain says, it is also very complex with every process meticulously documented and the data carefully stored.

Regardless of whether a company is making consumer goods or parts for use by others to build cars, planes or household appliances for example, manufacturers are under constant pressure to monitor and maintain quality and precision while driving down cost and meeting the requirements of regulatory guidelines and industry standards.

Manufacturing is often at the very cutting edge of technical research and development; leading the way in innovation and design, with everything this entails in terms of intellectual property and the need for advanced data collection and analysis. In a period of transition for the sector, the role of information is growing in importance and value. And the more valuable the information, the more vulnerable it becomes – a vulnerability amplified by the current surge in information volume, variety and complexity.

With data breaches, both accidental and intentional, as well as cyber-threats and fraud all on the rise, points of weakness can become more exposed in a fast-changing information landscape, putting brand reputation and revenue on the line. Companies, including many manufacturing firms with a long, traditional heritage are struggling to cope with their legacy paper archives at the same time as they are adapting to the exploding volumes of digital data – all within a regulatory environment that is not always clear. As a result, collecting, processing and protecting the information a company may need while filtering out the data it doesn’t is becoming increasingly challenging; leading to confusion, anxiety, uncertainty and risk.

A recent report by information storage and management company Iron Mountain and PwC looked at mid-market manufacturing and engineering firms in Europe. It revealed some worrying trends in the sector’s approach to information risk. For example, the study found that while there is growing understanding across the manufacturing and engineering sector of the need to better manage and protect information, only around half (54%) of manufacturing firms have allocated responsibility for information risk to a specific individual or team, and just 43% have an effective information risk strategy in place.

The study, which looked at firms with 250 to 2500 employees in France, Germany, Hungary, the Netherlands, Spain and the UK, did however reveal that the performance of the other business sectors surveyed (insurance, financial services, pharmaceutical and legal) was even worse. The poorest performer was the legal sector, with just 34% of legal firms appointing a designated individual or team to look after information risk, and a mere 16% executing a strategy to manage information risk.

However, of all the sectors studied, manufacturing firms were the most likely to regard employees as a serious threat to information security, with just under half (46%) sharing this view. At the same time, manufacturers were the least likely to offer information training or communication to staff. A quarter offered no training and a third didn’t communicate with staff on information risk and policy.

When it comes to the job roles seen as most likely to cause a data breach, employees in IT (55%) and senior executives (33%) were ranked as most likely. This was similar to results in other sectors. Manufacturing, however, is unique in seeing middle management as a high risk category (at 18%, around double the business average of 10%). This could reflect the fact that in a traditional manufacturing firm, this is the level at which greater access to business-sensitive information becomes possible.

Considering the sector-wide importance and influence of regulatory compliance, it is not surprising that manufacturing firms were the most likely to worry about the legal consequences of unforeseen data loss: 32% of firms – double the business average of 16%. Around half (48%) feared financial loss, compared to an average of 33%.

The most critical discovery, however, was that a small but significant 16% of manufacturing firms believed a data breach could threaten their very existence, set against a business average of just five%.

In a world where innovation in products and services, speed to market and globalisation are vital for survival in a fiercely competitive and economically volatile business climate, such a relatively high level of fear makes more sense. Success depends increasingly on information integrity, value and security; lose that and you could indeed be at risk of losing your business.

Manufacturing firms must get to grips with information risk. This means building trust by educating and supporting employees and putting a robust information management framework in place to better protect and increase the value of information. This should include secure offsite archiving, document digitisation and rapid-retrieval programmes.

It’s not about an instant and total overhaul that will cost the earth and terrify everybody. In fact, the ideal approach should come almost instinctively to manufacturers: it’s about designing the outcome you want and then putting it together, one piece at a time. It really is that simple.

A summary of the report, Beyond Awareness: the Growing Urgency for Data Management in the European Mid-market, can be found at