IT-GRC is on the corporate 2014 plan because "big data" and cloud computing is unsafe when exposed to competitors and hackers
Risks to information (Information risks) are on the management agenda because cyber-attacks command management's attention: Managing digital assets in a new socio-technology environment will explore how businesses assess and manage information risk because all organizations have sloppy employees.
Almost all companies are generating, collecting and analyzing unprecedented amounts of information and data. The strategic importance of this information runs all across the business, for the day to day decision-making process to product development and the related input required from accounting to sales and marketing, but only if the facts and statistics are available to the right people, at the right time and in the right form.
Therefore, when funds are not allocated to IT Security components and issues, it is because it is difficult to give it a monetary value. The difficulty in budgeting IT security is that the company has not developed an IT security framework and a roadmap to quantify its IT-security threats.
Several surveys show that it is a tremendous challenge for companies to assign a monetary value to the types of information threats they contain. However all companies must start placing significant resources & attention, even though it is a rough guess if a violation has not taken place and a IT-security framework is not available.
The most mission-critical data often resides in the finance department; however patents, copyright and industrial design receive priority in the legal department when it comes to assigning a monetary value if the Information risks reach the boardroom agenda.
Discipline
This elevated threat in the GRC risk landscape, technology developments and the growing appreciation of the value of information (often up to 50% of the total assets) are causing businesses across the world to recognize that information as another corporate risk to be managed because;
- Data and information has for long been borderless and beyond the control of individual companies.
- Increased collaboration and data sharing with other companies due to outsourced R&D and open innovation, supply chain integration and outsourcing will continue and thereby increasing the information risks baseline.
Therefore, each company must address and GRC assess the new information risks. It is old fashioned to believe that information risk can obviously be mitigated by technology fixes to hardware and software. We recommend an IT security scheme that encourages closer collaboration, involving all departments to create a culture of awareness and understanding of the substantial of information risk across the organisation.
This article continues next month with a focus on cyber-attacks related to Information risks and managing digital assets.
Added source: The Economist survey.
