Shred-it discovered noticeable jumps since 2017 in both corporate executives and small-business owners reporting that they experienced a data breach.

The information security service provided by Stericycle announced the findings when Shred-it released its 10th anniversary edition of the Data Protection Report, which outlines data security risks threatening U.S. enterprises and small businesses.

According to the report, nearly half of C-suite executives — 43% to be exact — and 12% of small business owners have experienced a data breach. Shred-it indicated those readings represent a 21% rise from 2017 among those executives and a 7% climb for those small business owners.

While companies are getting better at protecting their customers’ personal and sensitive information, Shred-it determined their focus on security training and protocols has declined in the last year. The firm cautioned that this decline could pose issues for businesses, as 83% of consumers say they prefer to do business with companies who prioritize protecting their physical and digital data.

Formerly known as The Security Tracker: State of the Industry Report, the findings are based on a survey conducted by Ipsos, shedding light on trends in data protection practices and the risks American businesses, organizations and consumers face related to keeping their data secure.

Shred-it said the findings reinforce the need for business owners to have data protection policies in place as threats to data security, both physical (including paper documents, laptop computers or external hard drives) and digital (including malware, ransomware and phishing scams), have outpaced efforts and investments to combat them.

Shred-it also noted that its report — which was completed prior to the COVID-19 pandemic starting — showed that more focus is needed around information security in the home, where executives and small business owners feel the risk of a data breach is higher.

While advancements in technology have allowed businesses to move their information to the cloud, Shred-it discovered only 7% of top executives and 18% of small-business owners operate in a paperless environment.

“Businesses still consume vast amounts of paper, dispelling the myth of offices going digital and signaling a need for oversight of physical information and data security,” Shred-it said.

Both top executives and small-business owners indicated external threats from vendors or contractors and physical loss or theft of sensitive information are the top information security threats facing their business, according to the report.

Yet, Shred-it said the number of organizations with a known and understood policy for storing and disposing of confidential paper documents adhered to by all employees has declined 13% for those companies with top executives and 11% for those small-business owners.

In addition, the report mentioned 49% of small-business owners have no policy in place for disposing of confidential information on end-of-life electronic devices.

While the work-from-home trend has risen over the years, the COVID-19 pandemic abruptly launched employees into work-from-home status, many without supporting policies.

According to the report, the majority of top executives (77%) and small-business owners (53%) had employees who regularly or periodically work off-site. Despite this trend, just 53% top executives and 41% of small-business owners have remote work policies in place that are strictly adhered to by employees working remotely.

“As we adjust to our new normal in the workplace, or at home, it’s crucial that policies are adapted to align with these changes and protect sensitive information,” said Cindy Miller, president and chief executive officer for Stericycle, the provider of Shred-it information security services.

“As information security threats grow, it’s more important than ever that we help businesses and communities protect valuable documents and data from the risks of an information breach,” Miller continued in a news release.

When it comes to training, 24% of top executives and 54% of small-business owners reported having no regular employee training on information security procedures or policies, according to the report.

Additionally, Shred-it mentioned the number of organizations that regularly train employees on how to identify common cyber-attack tactics, such as phishing, ransomware or other malicious software, declined 6% for top executives and 7% for small-business owners.

“As a society, we are facing new information security challenges every day, from the rise of remote working to increased consumer concern,” said Michael Borromeo, vice president of data protection for Stericycle.

“To protect businesses now and for the long haul, it’s instrumental that leaders reevaluate information security training and protocols to adjust to our changing world and maintain consumer trust,” Borromeo went on to say.

To learn how organizations can better protect their business against data breaches and receive additional survey findings, download Shred-it’s 2020 Data Protection Report by going to this website.