05 Mar 2009
In an economic downturn, firms need to increase the effectiveness of their information risk management as early as they can. But those that seek to cut the cost of their risk management activities are accelerating their own possible demise.
In the current climate, the last thing managers need is a data security disaster getting in the way of winning or holding on to business. Today companies of all sizes are exposed to computer security breaches. And with the average cost of a security breach between £10,000 and £20,000, that’s exposure that few leaders can afford.
Electronic attacks are now largely automated, seeking out unprotected targets online and finding and attacking unprotected connections within minutes. Highly sophisticated and equally automated threats lurk on web sites across the internet, within emails and in the physical world.
Information security is an increasingly important boardroom topic, regardless of the economic conditions. That is being driven by three factors. Data protection concerns are causing a proliferation of legislation and regulation; the rise of cybercrime is intensifying the need for firms to take appropriate steps to protect their valuable information assets; and financial regulators are ever more interested in the robustness of companies’ financial records.
Faced with the combination of challenging operating conditions and such compliance strictures, robust risk identification and management is becoming an indispensable component of any company’s survival strategy. Continuity plans must be drawn up to militate against business disruptions ranging from power cuts to system or supplier failures.
In a downturn, financial failure is a significantly enhanced risk for most businesses. This risk should be analysed in detail early in the down cycle, and new or improved controls put in place to mitigate it. Those firms with an effective and robust corporate governance regime will already know this, and their risk reviews will be well advanced.
Alan Calder is a BCS distributor
Good piece. Though I'd say risk management consists of multiple categories: operational risk, financial risk, reputation risk, market risk and strategic risk. Related to these categories are various forms of business value - all the forms of value that are necessary for a business's long-term success, from the viewpoint of key stakeholders, e.g. shareholder value, customer value, partner value, employee value, manager value, societal value, intellectual capital and business model.
Information is the golden thread that binds together all these forms of risk. Information risk management therefore plays a crucial role in every area of risk management. By definition, information risk management is a vital part of the constant effort needed to ensure that business value is created rather than destroyed.
Posted by: Tim Kipps (ArmstrongAdams) 13 Mar 2009