Skip to main content

The value of your information

Information asset management

The cost of replacing physical assets is tangible and straightforward to calculate but putting a value on information is a lot more complicated.

What is the cost of losing a partner's research information or intellectual property? In most cases the cost of misplacing or losing information may be very little. However, the theft or inappropriate disclosure of university confidential information can escalate into substantial costs to the university and its financial and reputational abilities and also cause distress to individuals. ​

What are the consequences?

The cost of losing sensitive university information is not simply the cost of replacing it. In fact it can have many serious repercussions.​

The consequences for lost or leaked sensitive information could include the following: ​

  • ​​Monetary Cost
  • Cost of litigation
  • Fines for breaching Data Protection Laws
  • Damage to the University's competitive position and future
  • Jeopardise commercially Sensitive Stakeholder Projects
  • Reputational damage – Considerable embarrassment and reputational damage to the University / loss of existing and potential customers
  • Personal consequences – Substantial impact on University business that leads to loss of income, disciplinary action and job losses in extreme cases

Who's responsible?

Cyber and Information Security is often thought of as the responsibility of Cyber and Information Technology Managers and their teams, but this is not the case. Information Security is the responsibility of everyone who uses IT and accesses information by computer. If individuals fail to follow university protocols or detect breaches, then the measures are rendered ineffective. If you handle sensitive university information, it is imperative that you: ​
  • Understand its value and classification and ensure that the information is labelled in accordance with the university's information classification scheme
  • Respect its classification and handle the information appropriately, Recognise the vulnerabilities of IT systems and physical risks that exist in and out of the campus
  • Are familiar with the procedures to mitigate those risks
  • Are fully aware of the consequences should university information be compromised
  • The University's information is classified into one of three classification levels.
  • We must respect its classification and handle the information appropriately.
  • Please consult your line manager, CIST or the University's Data Protection Officer for more information.