Building a risk-aware organisation at Iron Mountain

Blogs and Articles

We understand that the key to survival and success lies not in reacting to risk but in anticipating it. Here’s how we build risk awareness for ourselves and our customers.

Larry Jarvis
Larry Jarvis
Chief Information Security Officer
6 December 20235 mins
Hand pull important color block from balance wooden stack
Risk management is more than a singular function within our organisation. It’s what we do every day for ourselves and our customers to build a trusting partnership that not only minimises risk but lays the foundation for stronger resilience. Here’s how we do it.

Today’s global organisations face an ever-evolving landscape of threats. From cyber data breaches to supply chain disruptions, risk factors are spread across an organisation at an all-time high. An organisation’s approach to risk management sets the resilient apart from the vulnerable, and many have transformed in response to these changes. New research conducted by Economist Impact and sponsored by Iron Mountain shows a significant shift from reaction to anticipation when it comes to risk management. Over 90% of executives say risk identification is more important than ever. In addition:

  • Only 29% of organisations have clear policies around risk management and only 22% have clear accountability for risk management
  • 73% of organisations lack standardised evaluation to measure risk
  • And 63% of executives aren’t relying on or thinking about third-party contracts, vendors, and supply chain partners for risk management, failing to establish a risk-aware chain of custody for their records and information storage

At Iron Mountain, we understand that the key to survival and success lies not in reacting to risk but in anticipating it. And this isn’t just a trend: it’s how we’ve done business for over 70 years and a necessity for how we innovate for the future.

It’s never been enough to merely react when risks materialise; instead, we recognise the importance of proactively identifying, assessing, and mitigating potential risks—for ourselves and our customers.

Our legacy of trust is not just about risk within Iron Mountain, but the commitment we uphold to empower our customers around the world to mitigate risks to their brand, reputation, and financial status. When we equip our customers to build risk awareness into their records and information management, asset lifecycle management, data storage, art and archival storage, and more, they bring this kind of trust to their own clients, patients, or citizens. 

Navigating risk from within and beyond

While the concept of risk management might conjure images of specialised departments and experts, the truth is that risk management should be an intrinsic part of every individual’s role within an organisation. Even as the importance of risk anticipation has taken center stage, there’s still room for improvement in cross-functional collaboration. Surprisingly, only 46% of organisations have invested in the creation of enterprise-wide risk management teams, despite the growing emphasis on proactive risk management.

We’ve taken bold steps to embed risk management into the very DNA of our organisation. From establishing board-level risk reporting to patenting innovative locks on our vehicles, our approach is rooted in the belief that everyone within our ranks plays a pivotal role in safeguarding our business and, by extension, our customers’ interests. We recognise that the future demands we all become risk managers in our own right, driving the proactive protection of our organisation and the valuable assets entrusted to us.

Our approach to risk is rooted in the belief that everyone within our ranks plays a pivotal role in safeguarding our business and, by extension, our customers’ interests.

Risk and the acceleration of digital

In the contemporary landscape, one of the most pivotal risk factors that demands our attention is the rapid proliferation of emerging technologies. The acceleration of digital introduces an array of complexities and uncertainties.

The pace of advancement—especially in examples like record digitisation, data creation, and artificial intelligence (AI)—is relentless. And the potential risks continue to evolve and expand. Leaders and risk managers at Iron Mountain are focused on policy, education, and responsible adoption to keep pace with these changes. We are actively developing new strategies, tools, and frameworks to assess, monitor, and mitigate the multifaceted risks posed by AI and other emerging technologies.

Related: Iron Mountain Education Series - Generative AI and Information Governance: Friends or Foes?

Likewise, Iron Mountain continues to grow and evolve to meet the demands of customers’ dependence on digital. From defensible digitising to world-class data centers, we understand the push and pull that comes with embracing new technology and take a proactive approach to mitigating risk while supporting our customers’ journeys to digital.

Cybersecurity, data privacy, and governance, oh my

In addition to protecting over 650,000 IT assets and devices per year, we mitigate data risks for our customers by enabling continuity of service, securely destroying media and IT assets, and providing expert advice related to compliant lifecycle management.

And while protecting physical assets remains crucial to our organisation, we recognise that everyone is now more vulnerable to cyber threats, and we have moved with the market to protect customer data in a digital space.

While the game may change, our commitment to information governance, secure ITAD, and data privacy remains as steadfast as ever. 

Building a risk-aware modern workplace

Organisations are making changes to their real estate in the face of evolving work habits and operational strategies. While real estate changes traditionally center around a shift in the physical workspace (reducing, closing, relocating, etc.), everyone in the organisation has a part to play in optimising resources, ensuring efficient project execution, and reducing risk.

When approaching our own real estate changes, we use a unique approach to build both buy-in and risk awareness among our stakeholders. And we follow the same processes and best practices that we recommend for our customers. 

Risk management has a sustainable future

When it comes to sustainability, Iron Mountain’s path to net zero focuses on reducing energy use, electrifying our systems and vehicles, installing renewable energy systems, and procuring green power to reduce exposure to rising fossil fuel prices and local emissions regulations.

By pursuing our own environmental, social, and governance (ESG) goals and supporting our customers to achieve theirs, we mitigate the risks associated with evolving regulations, climate change, and social inequality and unlock new opportunities.

Prepared for the future

The future of information management is one with increased risks but also increased opportunities. We take pride in our legacy of trust at Iron Mountain: the issues of risk and resilience continue to be driving forces in our daily operations. As part of our commitment to equip leaders to actively mitigate risk and build resilience, we’ve created a resource center with expert recommendations and global insights on these topics and more.