In the recent study, "The economics of IT risk and reputation: What business continuity and IT security really mean to your organization," (see Resources for a link) IBM and the Ponemon Institute evaluate findings from the IBM Global Study on the Economic Impact of IT Risk and provide some interesting insights into the evolution of how both business and IT professionals view IT risk as it relates to business concerns. One of the most insightful quotes from the study comes from an IT security director for a European technology company and reflects a changing realization for business continuity concerns:
"We should change orientation from reactive to proactive and have a more mature risk management strategy in place."
The study digs deeper into the true economic impact of and connection between business continuity and security failures by posing two open-ended questions to 1,069 business continuity specialists and 1,247 IT security practitioners representing 20 industries and 37 countries:
- "What steps should your organization or industry take to reduce risks to your organization posed by IT operations?"
- "Looking ahead, what are the changes or trends in the IT landscape that will most increase reputation risk for your organization?"
The study authors share responses that reflect two common concerns (What would you do? and Where is the risk?) and cover the following topic areas:
- Quantifying the economic impact of disruptions to business and IT operations. How to determine the cost of disruption due to IT, taking into account factors such as:
  - Cost of idle time
  - Cost of forensics
  - Cost to restore
  - Damage to reputation
  - Lost revenue
  - Costs of regulatory failure
- The reputational risk and IT connection. Although the connection between IT risk and corporate reputation isn't always clear, the study provides an interesting insight: The costs associated with reputation and brand damage increase in proportion to the severity level of the incident. Among respondents, the perception of how IT risk and reputation connect differs from the reality of the situation. Respondents who had not suffered reputational damage ranked data theft as most damaging to reputation. Those who had actually suffered damage ranked IT system failure at the top of the list.
- Understanding the threat landscape. Respondent perceptions about the likelihood of threats occurring are largely consistent with reported instances of events. Human error was in the top spot in terms of likelihood, number of disruptions experienced, and projected financial impact.
- Building the case for business continuity and IT security investments. All respondents thought their disciplines play an important role in organizational success. One unexpected insight was the overwhelming belief (89 percent) that protecting intellectual property was the most important objective of their role; this could reflect the realization of how vulnerable IP is to cyber-attack.
- Barriers to success. Funding deficits, emergence of disruptive technologies, lack of knowledgeable staff, and growing business process complexity are the top reasons cited as significant obstacles to efficient IT security management programs.
Resources
- Explore the topics in this article. Download the recent study, "The economics of IT risk and reputation: What business continuity and IT security really mean to your organization," to gain interesting insights into the evolution of how both business and IT professionals view IT risk as it relates to business concerns.