We spend lots of time and money on cybersecurity. We vigilantly scan our digital environments to prevent cyberattacks. We use authentication and encryption to make sure data doesn’t get into the wrong hands. And we try to get our people to practice basic email safety.
But the hard numbers reveal that your company is 50% more likely to suffer a business loss as the result of inadequate document governance than it is a data breach.
That’s right. Despite the headlines made by major database breaches, only about half of companies get hit by cyberattacks that actually wind up costing them money. And most of those victims are small businesses with limited cyberdefenses.
According to IDC, on the other hand, more than three-quarters of large enterprises have suffered material loss due to poor document governance.
These material losses include PR crises, loss of clients, loss of employees, compliance failures, and the triggering of costly audits.
What makes this situation particularly unfortunate is that it’s often easier to mitigate document-related risk than cybercrime risk—because the latter requires you to counteract the unknowns of ever-evolving attacker tactics, while the former simply requires you to better govern your known internal behaviors.
How content generates risk
Just about everything we do in business, from specifying a vendor deliverable to outlining a project plan, involves the creation of documents. And every time we create or revise a document—whether it’s a Word doc, a PDF, a PPT deck, or a spreadsheet—we commit content to digital or paper form.
This content then immediately creates risk to the business. That risk can take many forms, including:
- Sensitive, confidential, and/or proprietary information leaked to the outside world inadvertently or maliciously.
- The failure to route a document to the right person at the right time resulting in a missed order or project deadline.
- Circulation of an incorrect document version resulting in a bad customer experience or expensive operational error.
- Careless distribution of email or hard copies resulting in inappropriate exposure of information to internal staff.
If you’ve been in the working world any amount of time, you’ve probably experienced these nightmares and others first-hand. But because these events don’t make the news like major data breaches do, we tend to accept them as part of the cost of doing business.
That’s a mistake. None of these eventualities may in and of themselves bring your business down—although that’s been known to happen—but their collective adverse impact can amount to “death by a thousand cuts.” And it’s totally avoidable.
Mitigating risk, improving productivity
As with any problem, the first step in addressing document-related business risk is to recognize its existence and its magnitude. That’s how you get the resources and the mission champion you need to solve the problem.
The next step is to formulate the right content strategy. Traditional document management, unfortunately, has been somewhat siloed—focusing on a single objective such as easy retrieval or auditable compliance. A better approach is to lay a technical foundation for good, metadata-driven document governance that can then be leveraged to enable rules-based workflows and controls that can address your full range of business objectives, including:
- Risk mitigation and security
- Process reliability and efficiency
- Regulatory compliance
- Improved customer experience
- Digital transformation
After that, you can go ahead with a clear implementation plan. And you don’t have to turn it into a big “boil the ocean” mega-project. One of the great things about good document governance is that you can start with low-hanging fruit—such as an especially sensitive class of document or an especially document-intensive process—and then expand your deployment from there.
The trick is to get started. Most organizations are in denial about the daily costs and risks that result from their document chaos. Many simply believe those risk and costs are an intrinsically unavoidable aspect of business.
Both are wrong. You can make your business significantly safer and more efficient. You just have to start figuring out how.