Skip to main content

Smarter Security and Resilience

An intelligent approach to risk management reveals opportunities for innovation

Building a Smarter Planet
Protecting data and people on a smarter planet


IBM Global IT Risk Study
560 professionals talk about IT risk―and what they’re doing about it

From "experience and react" to "anticipate and adjust"

Imagine if someone tried to break into your house. Now imagine it happening 60,000 times a day.

That's how many times the average company's IT infrastructure is attacked. There have been 354 million privacy breaches over the past five years in the United States alone. And in January 2009, one cybersecurity incident reportedly resulted in 130,000,000 credit cards being compromised.

But malicious attacks are just one type of risk faced by global enterprises. There are business-driven risks that include audits, new product rollouts, financial risk, fraud and even failure to comply with government standards. And event-driven risks such as natural disasters, regional power outages, acts of war and economic downturns. All of these can be minimized if you anticipate threats and plan accordingly.

IBM emphasizes the importance of secure data and systems on a smarter planet.

Building a Smarter Planet: A smarter planet is a more secure planet.

The digital instrumentation and global interconnection of our planet are generating a treasure trove of information. This data can help us tackle broad, systemic problems and inefficiencies that have vexed the world for decades—in areas ranging from traffic congestion and energy to food safety and healthcare. That holds enormous promise.

It also raises new challenges. By one estimate, the volume of created content will quintuple in the next two years—to more than 2.5 zettabytes. (A zettabyte is a 1 followed by 21 zeros.) Seventy percent of that content will be created by individuals who have no responsibility to secure it—but most of what they produce (85 percent) will wind up in environments controlled by organizations that will have that responsibility.

At the same time, according to the FBI, cybercrime is now more widespread than narcotics, and its techniques are evolving, its targeting becoming more focused. The average company's computer infrastructure is attacked nearly 60,000 times every day. There have been 354 million reported data privacy breaches over the past five years in the United States alone.

Further, the digital and physical infrastructures of our world are increasingly merging, infusing our power grids, banking systems, retail supply chains and city streets with intelligence. Are we now exposing them to the same risks as our Web sites?

While there is no "silver bullet" to completely protect such a vast, complex and dynamic reality, new, holistic approaches are succeeding in strengthening security across enterprises and critical infrastructures. The emerging "secure by design" model is based on how people, processes and technology come together in a unified system. It embeds protective measures and features at key points, and uses high-speed data analytics to help uncover threats before attackers launch them. It also enables multiple systems to work together to enhance the security and sustainability of the whole.

Dallas-based electricity distributor Oncor has deployed a smart meter network that is also a more secure meter network. It provides integrity to energy data, creates Web-based trust with consumers—and has saved nearly $250 million.

At New Zealand's Westpac bank, fraud detection tools use a combination of rules and predictive analytics to help identify constantly changing credit card fraud patterns.

Through fraud intelligence, a commercial bank in Germany reduced the time it takes to check its money-laundering watch list from 8–12 hours to less than 15 minutes.

And as healthcare becomes a growing target of threats, some in the industry are adopting two-factor authentication for physical and digital assets in order to enable hundreds of authorized people—and only authorized people—to access patient information. Others in the industry "de-identify" patient profiles and medical images before they are aggregated.

Across multiple industries and sectors of society, security is a key component of our planet's vital systems. And those systems are shared—and shaped—by businesses, cities, government agencies and communities. Which means that, as these systems get smarter, we all have the collective responsibility to also make them secure and reliable. Fortunately, this is a future we can have—if we come together with forethought to design security and privacy for a smarter planet.

Let's build a smarter planet.



Security is the posture taken to protect people, assets, data and technology across an entire enterprise. Resilience is the ability to rapidly adapt and respond to business disruptions and to maintain continuous business operations.

How ready are you?

Where is your enterprise vulnerable? Do your risk management activities consist of quick responses to today’s threats, or do they actually help you better manage risk for the business?

Find out how your company measures up on core risk-management disciplines. The risk management self-assessment tool helps you gain an understanding of how thoroughly your organization is implementing the three core disciplines of mature risk management efforts:

  • Effective risk governance
  • Solid IT foundation
  • A culture of risk awareness

Business continuity and resiliency self-assessment tool.

71% Percentage of CIOs planing to make additional investments in risk management and compliance. Source: IBM Global CIO Study, The New Voice of CIO, 10 September 2009.

It's no longer enough to implement a costly infrastructure and set of tools to minimize the impact of risk and recover from disruptions. Security cannot solely be the job of regulators or a stand-alone corporate department. Organizations need to develop an intelligent business strategy that takes into account risk management. Businesses, cities, communities, government agencies and all of civil society share—and shape—our planet's critical systems.

Learn more in the IBM Global CIO Study, "The New Voice of the CIO"



Dubai Gold & Commerce counts on real time information

In the Middle East, the Dubai Gold & Commodities Exchange can mitigate threats by identifying exposures, protecting every single transaction as it moves through the system. Real-time intelligence provides preemptive protection, instilling confidence in an industry where trust is of the utmost importance. In three years, the exchange has maintained 99.9% system availability while eliminating all security breaches and outages associated with virus or worm-based attacks.

The USGA eyes a green of quick recovery

After experiencing explosive growth in data and rich media, the United States Golf Association (USGA) needed to evolve its reliance on traditional backup storage procedures for timely access to mission-critical data. IBM implemented a remote data protection solution that would protect 590GB of the USGA's critical data on a daily basis with a seven day retention period. This data would be made available to the USGA when needed through IBM-assisted restoration. The solution also included an onsite appliance to help protect the USGA's data in a timely fashion and provide for an improved point of operational restore.

CSX stays on track for 24/7/365 operation

The rail system of CSX Corporation services 23 US states and two Canadian provinces. But it's only a revenue engine when the trains are running, so any downtime means assets are not delivered and revenue is not collected. IBM disaster recovery facilities ensure that the railroad gets back up and running in the event of an outage, with real time recovery point objectives.

How do we build a smarter planet?

Ask IBMers (US)

Find a Business Continuity & Resilience Center near you
Click to view our global locations (US)

Take a holistic approach to business-driven security
Register to download the white paper

Secure by design: identity-based security in today's information systems
Register to download the white paper

Building a strategy for security and risk management
Register to download the white paper