Feeds

Q: What does risk mean to you?

The changing face of threat

  • alert
  • submit to reddit

Internet Security Threat Report 2014

All businesses face risk of some sort. Traditionally, the risks facing organisations have tended to range from incidents such as a fire in a building or production line, or environmental factors, such as damage sustained by flooding or storms. In past years, such physical risks made up nearly 100 per cent of the major risks faced by business.

Today, some feel that the risk of environmental or natural disaster is still important, but they now account for around 70 per cent of the risk faced by business. The remaining 30 per cent comes from non-manmade sources and much of this is accounted for by the changing nature of business.

One area in which business is changing is that it is becoming increasingly global, with companies looking to outsource non-core aspects of their business in order to gain access to lower cost resources. This places many in unfamiliar business surroundings with new risks, including those of government corruption, security and employee safety.

Not only are businesses facing risks from new sources, but new legal and industry-specific regulations are raising the bar on dealing with risk. These include legal regulations such as Sarbanes-Oxley, which places the onus on senior executives to personally vouch for the quality of the business information that it publishes and which looks set to be replicated across Europe, and industry regulations such as the food safety laws that come into effect in Europe in January 2005, which require greater disclosure of the provenance of all materials used in the production of food items right throughout the supply chain. Coming soon, the Basel II capital adequacy accord will force greater disclosure of the risk profiles of banks and other financial institutions.

However, recent surveys show that perceptions of risk vary widely within organisations and what executives care most about in terms of the risks that they face varies widely according to their area of expertise. A survey undertaken by MORI, on behalf of the UK Confederation of British Industries, asked chairmen, CEOs and other senior executives of UK companies about the greatest risks that their businesses face. The results are interesting, but in marked contrast to those released in 2004 by FM Global, a leading insurance and risk management organisation. The respondents to this survey were drawn from the ranks of CFOs and treasurers, risk management professionals, and investment professionals.

In the CBI survey, 57 per cent of chairmen and CEOs indicate that they are particularly worried about IT and computer network security - but this is in direct contrast to the FM Global survey, where just 11 per cent of risk managers, eight per cent of CFOs and treasurers and three per cent of investment professionals in Europe see risks to IT and telecommunications systems as being severe hazards facing their companies. There are differences among the professionals interviewed by FM Global for its 2004 survey - 72 per cent of CFOs, treasurers and risk managers see property-related threats as the most important threats facing their organisations, compared to just 19 per cent of European investment professionals.

Another marked contrast is that very few of the respondents to the FM Global survey view newer threats, such as sabotage or terrorism, as serious risks to their organisations. In contrast, one third of CEOs and chairmen responding to the CBI survey view terrorist action as the type of security threat causing the most worry, and one fifth cite environmental terrorism. Among these respondents, more mentioned the actions of animal rights activists as being a threat than the danger of fire or flood, especially among larger companies.

The greatest difference can be seen in how investment professionals assess the risks facing business. Whereas CFOs, treasurers and risk management professionals are more focused on property-related risks, 81 per cent of investment professionals point to non-property-related risks as being the most important. Within this category, pricing fluctuations were seen as important risks by 46 per cent of European investment professionals and government and regulatory requirements by 17 per cent. For risk managers, these were seen as important by just nine per cent and one per cent respectively.

But the one area in which respondents to both surveys appear to agree is that companies need to spend more on security than they did previously and that security is of such importance that it needs to be put under the supervision of the board of directors. However, many admit that there is still some way to go and the surveys show that doubts remain about the workability of security plans in practice as well as the ability to keep pace with newly emerging threats.

Taken together, these two surveys show that companies are thinking more seriously about security than they did previously, but gaps remain. In addition, some company officers appear to have their heads in the sand with regard to new risks that they face in their operations, including their ability to comply with new regulations. Industry observers such as investment professionals and analysts appear to be more tuned in as to the risks that these regulations pose to businesses. It is time for businesses to wake up now to the threats such regulations pose to their operations - before the first legal cases are tried.

Copyright © 2004, IT-Analysis.com

Related stories

Counting the cost of security training
Business frets over wireless security
Symantec drives security deep into enterprise

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.