By Kris Lovejoy
As companies and individuals continue to connect in new and exciting ways – through the cloud, mobile technology and social media – each are becoming more informed and empowered. However, this always-on, real-time, hyper-connected world is not without its pitfalls. And while privacy, security, and performance tend to garner the headlines, the growing risk to reputation is gaining increasing attention.
A new study by the Economist Intelligence Unit commissioned by IBM reveals that reputational risks extend far beyond faulty products or shoddy services. Companies face serious risks to their brand if their IT is compromised. From stolen customer data to hacked passwords – an IT security breach can lead to dramatic and negative sentiment about a company and its image.
The study was conducted through interviews and online surveys with more than 400 executives in 23 industries like banking, insurance and energy, where technology is essential to their operations.
Of the executives surveyed, 75 percent said IT risks can impact customer satisfaction and brand reputation, while a striking 61 percent said IT security breaches remain the greatest threat to their company’s reputation.
Yet despite the concern, few of the companies surveyed are doing something about it. For example, although 70 percent of companies surveyed think they can manage IT risks related to data breaches, data theft, and cybercrime, only 32 percent are using the latest security threat intelligence technology. Furthermore, only 13 percent of respondents admit to having endured data theft and/or cybercrime. That’s in stark contrast to recent surveys from such organizations as the Ponemon Institute (The Impact of Cybercrime on Business, May 2012) which calculates that organizations will face an average of 66 cyber attacks per week that cause business disruptions.
The good news is that the study shows companies are beginning to pay closer attention to the connection between IT risk and the risk to reputational in tangible ways. To get a jump on planning, here are some best practices from organizations that engage in reputational risk management:
Be proactive rather than reactive. Be prepared to invest in developing comprehensive reputational risk management strategies that include controls over IT risks—particularly those related to security and business continuity.
- Be proactive rather than reactive. Be prepared to invest in developing comprehensive reputational risk management strategies that include controls over IT risks—particularly those related to security and business continuity.
- Collaboration is key. Create an organization where IT managers work with other risk management specialists. Together they can create a comprehensive profile of organization-wide reputational risks to senior management.
- Anticipate problems. Don’t wait for an incident to happen. There are plenty of case studies to be used as a basis for “what if” planning.
- Don’t forget the supply chain. A failure by a small supplier can be just as devastating as an internal problem, and risk controls can be coordinated across key players. Likewise, B2B companies should collaborate with customers to see that risks are being managed throughout the ecosystem.
To help even further with these growing challenges, IBM today is announcing enhancements and new offerings around security analytics that are designed to help our customers protect their data where it resides.