Invest in Information Security to beat downturn risks

By Alan Calder, Chief Executive of IT Governance Limited

Alan Calder, Chief Executive of information security experts IT Governance Limited, looks at how managing information security risk rises in importance as a management imperative in any economic downturn

“When the economic tide goes out, you see who’s been swimming without any clothes on.” This famous dictum (from the pen of the world's richest man Warren Buffet) sums up in a nutshell the argument why organisations need to increase the effectiveness of their information risk management activity as early in an economic downturn as they can. Those organisations concentrating on a search for cost cuts in their risk and business continuity management activities are, in effect, accelerating their own possible demise.

The risks are particularly acute in the current economic situation – now acknowledged as the worst since 1929. In the middle of such a difficult operating environment the last thing managers need is a computer or data security disaster getting in the way of winning or holding on to business. The fact is today organisations of all sizes are exposed to computer security breaches – whether loss, fraud, theft, automated hacking attack, sophisticated blended phishing, spam attacks etc. And with the average cost of a security breach somewhere between £10,000 and £20,000 that's exposure that few business leaders can any longer afford.

All sizes of business are exposed to the same hostile electronic environment and data compliance requirements. Electronic attacks are now largely automated, seeking out unprotected targets on the Internet, finding and attacking unprotected connections within minutes. Highly sophisticated and equally automated threats lurk on websites across the Internet, within e-mails and in the physical world. Data Protection Act (DPA) compliance is also a feature that affects all sizes of economic unit. And after the highly publicised failures of organisations like HMRC, even the smallest organisation is now potentially in the gun-sights of the Information Commissioner. Expect to see the rate of prosecutions here increase – and the number of £5,000 fines.

The fact is, information security is an increasingly important boardroom topic, regardless of local economic conditions anyway. That's being driven by three factors. Data protection and privacy concerns are causing a proliferation of legislation and regulation you need to comply with; the rise of 'cybercrime' is intensifying the need for organisations to take appropriate steps to protect themselves and their valuable information assets; and financial regulators are ever more interested in the robustness of your financial records.

Faced with the combination of challenging business operating conditions and such compliance strictures, robust risk identification and management is becoming an indispensable component of any organisation’s survival strategy. The entire range of possible business 'discontinuity' events – from power outages to system or supplier failures to acts of nature – become events for which defensible continuity plans are essential.

The message has to be that in the current credit crunch the last thing you should be doing is skimping on your IT security framework – as it could well be the Trojan Horse that leads to the collapse of your entire company.

IT Governance Ltd is exhibiting at Infosecurity Europe 2009, the No. 1 industry event in Europe held on 28th – 30th April in its new venue Earl’s Court, London. The event provides an unrivalled free education programme, exhibitors showcasing new and emerging technologies and offering practical and professional expertise. For further information please visit

Alan Calder is Chief Executive of IT Governance Limited, an organisation offering a range of information security resources. He is author of ‘Managing IT in a Downturn’. The guide is available from

Courtesy: Infosecurity PR