Acquisitions higher security risks than mergers

Posted On 22 Mar 2014
Comment: Off

Company acquisitions can have a devastating impact on information security and management. According to a new study by European research company Iron Mountain, employees of acquired firms are more preoccupied with the potential impact on their role than with the need to effectively integrate the information of both companies. Iron Mountain, a specialist on storage and information management, says that the lack of focus during an acquisition could leave information at increased risk of loss or exposure. The picture is different when companies merge, and employees stay focused on integration and ensuring company information remains well managed. The top two information concerns of employees at acquired firms are: confusion around responsibilities for managing the information (34 per cent) and the prospect of change to their information management systems (33 per cent). Just over a quarter of employees (27 per cent) at acquired firms worry about consolidating different sets of customer or company records, and less than one in five (17 per cent) worry about how to deal with data discrepancies, duplication and overlap. This contrasts sharply with the concerns of staff at the acquiring firm, where 41 per cent worry about integrating the two data sets and 34 per cent are concerned about the quality of the data. Furthermore, one in three employees of acquired firms say there are no policies for integrating records or protecting customer data compared to just 19 per cent of those at the acquiring firm. Paper records are a serious concern, with 44 per cent of newly acquired firms saying there is no process for integrating paper into new digital systems, and 31 per cent saying the same for the storage of the paper archive. Charlotte Marshall, MD of Iron Mountain in the UK, Ireland and Norway says,” Information management is often an afterthought when companies merge. However, given the value of information and the desire of merging firms to rationalise cost structures, it should be a priority. Joining forces with or acquiring another organisation provides an opportunity for firms to re-evaluate their information management programmes and make the changes required to drive consistency, increase security and improve access to information.” The picture for company mergers is very different, with employees at both firms focused equally on addressing the main aspects of information management. Nearly three quarters (71 per cent) of employees feel supported in record integration during a merger, and nearly two thirds (62 per cent) feel the same about the protection of customer data. Marshall adds,” Our study shows that the emotional impact of acquisitions can cause employees to lose focus on how information is managed. Information on paper is particularly vulnerable, with many firms having no effective storage or integration plans in place, thereby leaving potentially valuable data at increased risk of loss or exposure. Because employees can feel insecure and unsupported during times of change, communication is key. Consistent and clear instruction on how to deal with the information challenges ahead will help employees to understand how information should be managed going forward, where the key responsibilities lie, and what advantages new information management processes can bring.”

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.