Feeds

Q: What does risk mean to you?

The changing face of threat

  • alert
  • submit to reddit

Internet Security Threat Report 2014

All businesses face risk of some sort. Traditionally, the risks facing organisations have tended to range from incidents such as a fire in a building or production line, or environmental factors, such as damage sustained by flooding or storms. In past years, such physical risks made up nearly 100 per cent of the major risks faced by business.

Today, some feel that the risk of environmental or natural disaster is still important, but they now account for around 70 per cent of the risk faced by business. The remaining 30 per cent comes from non-manmade sources and much of this is accounted for by the changing nature of business.

One area in which business is changing is that it is becoming increasingly global, with companies looking to outsource non-core aspects of their business in order to gain access to lower cost resources. This places many in unfamiliar business surroundings with new risks, including those of government corruption, security and employee safety.

Not only are businesses facing risks from new sources, but new legal and industry-specific regulations are raising the bar on dealing with risk. These include legal regulations such as Sarbanes-Oxley, which places the onus on senior executives to personally vouch for the quality of the business information that it publishes and which looks set to be replicated across Europe, and industry regulations such as the food safety laws that come into effect in Europe in January 2005, which require greater disclosure of the provenance of all materials used in the production of food items right throughout the supply chain. Coming soon, the Basel II capital adequacy accord will force greater disclosure of the risk profiles of banks and other financial institutions.

However, recent surveys show that perceptions of risk vary widely within organisations and what executives care most about in terms of the risks that they face varies widely according to their area of expertise. A survey undertaken by MORI, on behalf of the UK Confederation of British Industries, asked chairmen, CEOs and other senior executives of UK companies about the greatest risks that their businesses face. The results are interesting, but in marked contrast to those released in 2004 by FM Global, a leading insurance and risk management organisation. The respondents to this survey were drawn from the ranks of CFOs and treasurers, risk management professionals, and investment professionals.

In the CBI survey, 57 per cent of chairmen and CEOs indicate that they are particularly worried about IT and computer network security - but this is in direct contrast to the FM Global survey, where just 11 per cent of risk managers, eight per cent of CFOs and treasurers and three per cent of investment professionals in Europe see risks to IT and telecommunications systems as being severe hazards facing their companies. There are differences among the professionals interviewed by FM Global for its 2004 survey - 72 per cent of CFOs, treasurers and risk managers see property-related threats as the most important threats facing their organisations, compared to just 19 per cent of European investment professionals.

Another marked contrast is that very few of the respondents to the FM Global survey view newer threats, such as sabotage or terrorism, as serious risks to their organisations. In contrast, one third of CEOs and chairmen responding to the CBI survey view terrorist action as the type of security threat causing the most worry, and one fifth cite environmental terrorism. Among these respondents, more mentioned the actions of animal rights activists as being a threat than the danger of fire or flood, especially among larger companies.

The greatest difference can be seen in how investment professionals assess the risks facing business. Whereas CFOs, treasurers and risk management professionals are more focused on property-related risks, 81 per cent of investment professionals point to non-property-related risks as being the most important. Within this category, pricing fluctuations were seen as important risks by 46 per cent of European investment professionals and government and regulatory requirements by 17 per cent. For risk managers, these were seen as important by just nine per cent and one per cent respectively.

But the one area in which respondents to both surveys appear to agree is that companies need to spend more on security than they did previously and that security is of such importance that it needs to be put under the supervision of the board of directors. However, many admit that there is still some way to go and the surveys show that doubts remain about the workability of security plans in practice as well as the ability to keep pace with newly emerging threats.

Taken together, these two surveys show that companies are thinking more seriously about security than they did previously, but gaps remain. In addition, some company officers appear to have their heads in the sand with regard to new risks that they face in their operations, including their ability to comply with new regulations. Industry observers such as investment professionals and analysts appear to be more tuned in as to the risks that these regulations pose to businesses. It is time for businesses to wake up now to the threats such regulations pose to their operations - before the first legal cases are tried.

Copyright © 2004, IT-Analysis.com

Related stories

Counting the cost of security training
Business frets over wireless security
Symantec drives security deep into enterprise

Beginner's guide to SSL certificates

More from The Register

next story
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Internet Security Threat Report 2014
An overview and analysis of the year in global threat activity: identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.