In the wake of the hacking of Sony’s Playstation network, data experts and business leaders have warned of the risks facing companies attempting to increase their use of data.
“We will see the failure of an organisation through data loss,” according to…
In the wake of the hacking of Sony’s Playstation network, data experts and business leaders have warned of the risks facing companies attempting to increase their use of data.
“We will see the failure of an organisation through data loss,” according to George Davies, the risk management leader of Marsh insurers.
Davies was speaking at the 2011 Marsh CMT conference, which was focussing on the increased importance of data to enterprise value creation and the risk issues that this use of data would bring.
Risks of “data breaches” – loss of information and reputation
According to Alan Jamieson, the European sales manager for the US IT security firm Verdasys, companies are now spending a combined US$10bn a year to mine and manage data.
He said: “The more you can share data and collaborate, the more you grow revenue.”
But he added that this collaboration brought risks, citing figures that 11.1 million people worldwide were victims of identity theft in 2009.
Companies do not just have to worry about their own defences. They also consider those of their partners and suppliers.
Paul Bantick, who works on professional liability for the insurer Beazley, made the point that 50% of all data breaches with companies to date have been caused, not by the companies themselves, but by service providers.
Bantick said that many companies focus on the idea that “I must get my shop in order” with respect to data breaches, but in practice it often is not their fault. While they have fulfilled every promise they have made, they can still face a PR disaster.
“It’s not always your own shop that you have to worry about,” he said.
The director of consultancy at the IT security firm Information Risk Management, Paul Midian, pointed out that while it may be difficult for hackers to produce a breach in the system once, the same attack was subsequently much easier to conduct because the attack code could be copied or downloaded.
He also highlighted the “attribution problem”, the difficulty of finding the perpetrators of a crime when they can potentially melt away into the internet.
As the Sony case suggested, another key risk resulting from a data breach can be reputational.
One Marsh speaker cited the words of US investor Warren Buffett: “It takes 20 years to build a reputation and five minutes to ruin it.”
Data use set to grow – despite the risks
The experts emphasised preparation as a means to avoid data breaches and lessen the adverse impact if they do occur.
There was also a broad consensus that the opportunities of using data outweighed the risks.
The chief executive of the Centre for Economic and Business Research, Douglas McWilliams, said that he believed the next three or four years would be a period of very high IT infrastructure investment.
This was despite the fact that he saw other business investment only growing at a sluggish rate.
