While 86 percent of C-Suite executives are aware of the legal requirements supporting the protection of confidential data, one in five have never performed a security audit – a 13 percent decrease from 2013. According to the fourth annual Security Tracker, conducted by Ipsos Reid on behalf of Shred-it, businesses are deprioritizing information security and destruction for the first time since 2011. The study also found that almost half of the small business owners surveyed conduct no regular audits of their security protocols, and three in 10 have never performed an audit.

In addition, only 33 percent of C-Suite executives reported having a locked console in the office for confidential documents – down 22 percent from 2013. Ten percent of executives surveyed throw sensitive documents into the garbage, an increase of nine percent from 2013. Nearly half of small business owners reported having no protocol for storing and disposing of confidential information.