CGOC Survey Shows Enterprises Still Face High Risk from Immature Information Governance Processes

Eighty-One Percent of Survey Respondents Say Programs Have Improved, yet 66 Percent Identify Remaining Weak Spots as Inconsistent Collaboration and Ad Hoc or Manual Information Governance Processes

AUSTIN, Texas, Nov. 15, 2018 (GLOBE NEWSWIRE) -- The Compliance Governance and Oversight Council (CGOC), a professional forum advancing information governance best practices, reports results of its 2018 Information Governance Benchmark Survey. The study reveals that many organizations trust the current state of their information governance (IG) processes more than their IG process maturity warrants. This gap between perception and reality increases organizational risk and vulnerability. These and other insights in the IG Benchmark Survey report are a call to action for organizations to improve IG processes.

The researchers flagged the perception-reality gap based on incongruous responses from the participants, who were evenly represented across legal, records information management (RIM), security, privacy/compliance, IT and lines of business. Not surprising was that 81 percent cited overall improvements in IG programs since a similar survey in 2010. Yet it was very surprising that 66 percent acknowledged their organizations still experience inconsistent collaboration among information stakeholders and rely on siloed, ad hoc processes. These immature IG processes contribute to higher regulatory, legal and security risks and costs as detailed in the Information Governance Process Maturity Model (IGPMM)

“We’re pleased to share this report because it demonstrates that for many organizations, substantial process maturation is still required before their IG programs can be trusted to reduce risk and costs and to free teams to derive more value from their information,” said Heidi Maher, executive director of CGOC. “Today, an array of tools and best practices are available to turn IG programs into a competitive advantage. To achieve this, executives must invest in process improvement but also measure their programs against the correct benchmarks.”

Based on the standards set forth in the IGPMM, two-thirds of organizations surveyed remain stuck at maturity levels 1 and 2, which means that even after eight years of effort, far too many data management processes are still disconnected and manually driven, leaving organizations exposed to regulatory compliance failures, data breaches and high-cost / high-risk legal discovery. These organizations also face further costs and risks because they are unable to dispose of the huge volumes of data that have no regulatory, legal or business value.

Responses indicating that information stakeholders believe their IG programs are improving include:

  • Eighty-one percent of respondents report progress on IG programs, up significantly from 2010 when only 33 percent had an IG improvement program in place.
  • Seventy-two percent say they have the appropriate level of executive support and leadership, up from only 43 percent in 2010.
  • Seventy-two percent can demonstrate the value of their IG programs across legal & compliance, privacy & security, RIM, IT and business users, up from 50 percent of 2010 respondents, who could show value primarily in legal & compliance.

Despite a sense of general progress, responses reveal significant lingering IG process immaturity:

  • Despite increased executive support, the top challenges to IG process improvement remain enormity of effort (46 percent), budget (43 percent) and inconsistent collaboration (40 percent).
  • In 2010, 98 percent of respondents identified defensible disposal of information as a desired benefit of an IG program while only 22 percent had such a program. Yet in 2018, the number of companies with an automated defensible disposal program in place has risen to only 33 percent.
  • This explains why the volume of enterprise data with no business, legal or regulatory value, which stood at 69 percent in 2010, is still at 60 percent today—creating an unnecessary cost and risk burden.

The CGOC Information Governance Benchmark Survey 2018 was conducted between July 26, 2018 and September 28, 2018. The CGOC Information Governance Benchmark Report 2018 measures IG process improvement since 2010 based on the IGPMM, a 4-tiered guide to improving 22 enterprise processes. Bringing these processes to maturity can reduce the risks and costs associated with evolving compliance and privacy regulations, increasingly expensive legal discovery, ever-growing storage requirements and new data security challenges.

Learn More:

About CGOC (Compliance, Governance and Oversight Council)
CGOC (Compliance, Governance and Oversight Council) is a forum of over 3,800 legal, IT, privacy, security, legal, records and information management professionals from corporations and government agencies. CGOC publishes reference guides and articles and conducts primary research. Its Benchmark Reports have been cited in numerous legal opinions and briefs and its ILG Leaders Guide has been widely referenced and adopted by organizations. CGOC has been advancing governance practices and driving thought leadership since 2004. For more information go to

Media Contact:
Maria Bradley
Kickstart Consulting for CGOC

A photo accompanying this announcement is available at

2018 CGOC State of Information Governance