Information Complacency is a Key Information Management Challenge for 2015

2014 was again fraught with news stories of information being lost and the associated security risks that may arise from the loss. While public concern continues to rise about the security and privacy of electronic information from potential cyberattacks, key information challenges for 2015 should not be restricted to cybersecurity. The need to address information complacency is a key information management challenge for 2015.

Data Breaches in 2014

In November 2014 it was reported that “a fifth of data security breaches across the NHS are down to paper records being lost or stolen” and “digital errors can be tracked far more rigidly, than paper ones — a suggestion that there may be far more errors we, and the NHS, do not know about” (http://www.wired.co.uk/news/archive/2014-11/25/nhs-patient-security-breaches). Table 1 provides examples of data breaches that occurred through non-electronic means.

| Information Lost By | Example |
| --- | --- |
| Physical computers being stolen | http://www.crn.com/slide-shows/security/300075201/top-10-data-breaches-of-2014-that-got-lost-in-the-noise.htm/pgno/0/4 |
| Memory stick being lost | http://www.bbc.co.uk/news/uk-england-tyne-26040450 http://www.bankinfosecurity.com/did-regulator-cause-data-breach-a-7685/op-1 |
| Email attachment sent to wrong person | http://www.paloaltoonline.com/news/2014/06/12/member-information-accidentally-released-at-stanford-credit-union |
| Paper records not securely destroyed | http://www.ydr.com/local/ci_25980746/private-medical-records-found-at-public-dumpster-manchester |

Table 1: Examples of Non-Electronic Data Breaches 2014

The examples of information security breaches in Table 1 demonstrate that information security risks are not limited to the realm of cybersecurity. This is further supported by data published by the UK’s Information Commissioner’s Office (ICO), shown in Table 2. Of the 428 data breaches reported to the ICO in the second quarter of 2014, only 5.6% are the result of computer hacking; the majority of incidents are caused by a general lack of care in how information is handled.

| Type of Incident | Percentage |
| --- | --- |
| Data posted/faxed to incorrect recipient | 17 |
| Loss/theft of paperwork | 14 |
| Data sent by email to incorrect recipient | 12 |
| Principle 1 – Principle 6 or Principle 8 failure | 8.6 |
| Loss/theft of unencrypted device | 5.8 |
| Insecure web-page (including hacking) | 5.6 |
| Insecure disposal of paperwork | 5.6 |
| Failure to redact data | 4.7 |
| Verbal disclosure | 1.6 |
| Information uploaded to web-page | 1 |
| Insecure disposal of hardware | 0.5 |
| Other principle 7 failure | 22 |

Table 2: UK Data Breaches (source: ico.org.uk)

 

Information Complacency Threatens Information Security

The data suggests complacency in the handling of information. While attention is continually directed to the threat of attacks on electronic data through, for example, phishing, spoofing and hacking, information is being lost through non-electronic means. Carelessness, thoughtlessness and lack of attention to the information being handled remain a major threat to information security in organizations.

Causes of Information Complacency

Information complacency may be caused by information technology creating a distance between the person handling the data and the individual to whom the data relate. This lack of relationship can perhaps devalue the data to mere numbers and letters being handled, neglecting the value of the information that the data represent. We can create, change and circulate text in seconds using information technology. This speed of creation has perhaps devalued information, and perhaps does not give us time to stop and think about our actions.

How to Address Information Complacency

Addressing information complacency is a key information management challenge for 2015 that requires organizations to:

  • Review information management policies.
  • Ensure information management policies are actioned and not merely documented.
  • Ensure all staff are trained in information management.
  • Define security procedures for the creation, circulation and destruction of non-electronic information.
  • Develop a culture of individual information responsibility.

Everyone in the organization needs to understand their responsibilities towards information, to eradicate information complacency and improve information security.

 

 

Further Reading:

Information security is discussed in Chapter 5, providing guidance on how to address information complacency.  Information responsibility is discussed in Chapter 16.

 

 

Please use the following to reference this blog post in your own work:

Cox, S. A., (2015), ‘Information Complacency is a Key Information Management Challenge for 2015’, 23 January 2015, http://www.managinginformation.org/information-compacency-is-a-key-information-management-challenge-for-2015/, [Date accessed: dd:mm:yy]

 

© 2014 Sharon A Cox