It seems the world is engaged in an endless game of whack-a-mole with cyber thieves intent on stealing our money and privacy. It stinks, and it doesn’t help when employees at companies get careless with safeguarding sensitive information in either digital or analog form, making it easier for it to fall into the wrong hands.

A new survey from data protection research firm Ponemon Institute and document destruction company Shred-It found that 68% of surveyed companies reported a data breach of confidential documents within the past 12 months; of these, 69% say one or more of these data breaches involved the loss or theft of paper documents or electronic devices containing sensitive or confidential information.

The survey entailed 650 people in key positions in North American organizations covering 16 industry classifications. The respondents held positions ranging from information technology and human resources to senior management and business owners.

The financial services industry comprised 10% of the survey pie, and that sector includes banking, investment management, insurance, brokerage, payments and credit cards. 

When isolating the financial services classification, 23% of respondents said their company suffered just one data breach incident within the past year, while 26% reported two to five incidents and 15% reported more than five incidents. Of those reporting data breaches, 74% said one or more of these breaches involved the loss or theft of paper documents or electronic devices containing sensitive or confidential information.

The largest percentage of lost or stolen data pertained to customer/consumer information (46%), employee records such as salaries and employee benefits (36%), and financial statements and information (30%).

Shred-It makes its living providing services including document shredding, hard-drive destruction and workplace privacy policies, so it has a vested interest in helping to point out the potential hazards of sloppy security measures pertaining to confidential documents.

But overall survey results across all of the various industries highlight the common-sense steps that all companies—including those in the wealth management field—can take to protect private information. One of those steps includes paying attention to what you’re doing. For example, 77% of survey respondents said they sent emails containing sensitive or confidential information to the wrong person, and 88% said they have received such emails

Elsewhere, only 38% of surveyed organizations require their employees and contractors to lock their desks and file cabinets, and just 33% said they prevent unauthorized access to document storage facilities.

Part of the issue is that there doesn’t seem to be a high priority placed on protecting old-fashioned analog data. Sixty-one percent of respondents said they are unsure or disagree that the protection of paper documents is just as important as the protection of electronic records.