A recent survey conducted in April by Ipsos Reid on behalf of Shred-it found that 19 percent of large Canadian organizations have no one responsible for managing data security issues, and 45 percent of small businesses are in a similar position.

The survey also found that 22 percent of Canadian small businesses aren't aware of their industry's legal requirements for storing or disposing of confidential data. While that's true for only five percent of large businesses, 57 percent of large businesses admit that not all employees are aware of those requirements.

Only six percent of small businesses and 24 percent of large businesses train their staff of the company's information security policies and procedures twice a year. Thirty-three percent of small businesses admit to never training their staff at all.


Still, 15 percent of large businesses that experienced a breach suffered a loss of more than $500,000, up from 3 percent in the previous year's survey.

"It may be tempting for businesses to put information security on the back burner, particularly if they've never experienced a data breach," Shred-it vice president Bruce Andrew said in a statement. "By making information security an important part of the organizational culture and by actively and regularly training all staff on the proper policies and protocols, businesses can make the safeguarding of sensitive data a company-wide practice potentially saving themselves from both financial and reputational damage."