Cyber risks are not just an IT problem

Risk to company data is growing, says research

IT security is the job of a risk manager reporting to the board

UK businesses are sleepwalking into dependence on IT as the gap widens between increased cyber risks and the measures taken to manage them, according to research.

The 2007 Risk Report from consultants Aon found that the risk to company data is growing both in terms of the number of incidents and their severity: the UK government estimates computer crime is costing UK business about £2.5bn every year.

'Based on the Department of Trade and Industry 2006 Information Security Survey and the longer recovery times we are seeing, companies could lose up to an estimated £1.2m in revenues per incident by not working out their IT risks and addressing them effectively,' said Shaun Cooper, network risk consultant at Aon.

Aon’s Risk Report warns that internally generated risks should be the greatest worry to businesses.

Greater use of outsourcing and the extension of global supply chains have added to the complexity of information management. An accelerating pace of mergers and acquisition activity further complicates the issue of network risks that many companies have yet to even recognise.

'Companies who fail to manage their data stores will risk regulatory censure, together with loss of customer confidence,' said Cooper.

'Companies need to ensure that their culture is data-conscious from top to bottom. Technology has gone as far as it can in terms of protecting the network. IT security is now a job for the risk manager reporting to the board, not just for the people in charge of the technology itself.'