Reduce risks to your organization posed by IT operations

IBM Global Study on IT risk finds a link between IT risk and company reputation

Regardless of the cause -- human error, system failures, security breaches, or physical interruptions -- disruptions to operations from IT-related causes can damage not only a company's financial bottom line but also its reputation, which can alter the future economic health of the company. A new study from IBM explains what business continuity and IT security mean for a company's reputation.


developerWorks security editors, Staff, IBM

This article is brought to you by the editors of the developerWorks Security site.

04 November 2013


In the recent study, "The economics of IT risk and reputation: What business continuity and IT security really mean to your organization," (see Resources for a link) IBM and the Ponemon Institute evaluate findings from the IBM Global Study on the Economic Impact of IT Risk and provide some interesting insights into the evolution of how both business and IT professionals view IT risk as it relates to business concerns. One of the most insightful quotes from the study comes from an IT security director for a European technology company and reflects a changing realization for business continuity concerns:

"We should change orientation from reactive to proactive and have a more mature risk management strategy in place."

The study digs deeper into the true economic impact of and connection between business continuity and security failures by posing two open-ended questions to 1,069 business continuity specialists and 1,247 IT security practitioners representing 20 industries and 37 countries:

  • "What steps should your organization or industry take to reduce risks to your organization posed by IT operations?"
  • "Looking ahead, what are the changes or trends in the IT landscape that will most increase reputation risk for your organization?"

The study authors share responses that reflect two common concerns ("What would you do?" and "Where is the risk?") and cover the following topic areas:

  • Quantifying the economic impact of disruptions to business and IT operations. How to determine the cost of disruption due to IT, taking into account factors such as:
    • Duration
    • Likelihood
    • Cost of idle time
    • Cost of forensics
    • Cost to restore
    • Damage to reputation
    • Lost revenue
    • Costs of regulatory failure
  • The reputational risk and IT connection. Although the connection between IT risk and corporate reputation isn't always clear, the study provides an interesting insight: The costs associated with reputation and brand damage increase in proportion to the severity level of the incident. Among respondents, the perception of how IT risk and reputation connect differs from the reality of the situation. Respondents who had not suffered reputational damage ranked data theft at the top of the list as most damaging to reputation. Those who had actually suffered damage ranked IT system failure at the top of the list.
  • Understanding the threat landscape. Respondent perceptions about the likelihood of threats occurring are largely consistent with reported instances of events. Human error was in the top spot in terms of likelihood, number of disruptions experienced, and projected financial impact.
  • Building the case for business continuity and IT security investments. All respondents thought their disciplines play an important role in organizational success. One unexpected insight was the overwhelming belief (89 percent) that protecting intellectual property was the most important objective of their role; this could reflect the realization of how vulnerable IP is to cyber-attack.
  • Barriers to success. Funding deficits, emergence of disruptive technologies, lack of knowledgeable staff, and growing business process complexity are the top reasons cited as significant obstacles to efficient IT security management programs.


