IT security company Symantec claims an international survey it conducted last year shows that ICT departments are broadening their concept of risk beyond a narrow focus on security.
Asked about the risks to their operations, an increasing number of ICT shops ranked availability, performance and regulatory compliance alongside or even above security failures.
This “more holistic” perspective probably reflects greater experience with doing business online and more complex networked involvement with partners, says Peter Sparkes, Symantec’s senior manager of consulting services for the Asia-Pacific-Japan (APJ) region.
Of the 405 IT professionals interviewed for the survey, 113 were from the APJ region and they showed themselves to be more aware than average of the broader risk perspective, Sparkes says (the Australian and NZ numbers were not broken out separately). This, however, may have been partly a statistical artefact, he acknowledges, as more of the APJ organisations surveyed were large and more likely to be involved in critical areas such as finance or government.
This year’s survey asked for the first time about data loss and organisations showed a keen awareness of this risk. This may owe something to publicity over major incidents of this kind, such as the loss last year by the UK revenue and customs authority of more than seven million families’ financial records.
However, the survey suggests, ICT departments’ awareness and reporting of data loss incidents still underestimates their likely frequency.
Availability and performance are risks of a more subtle nature than security breaches, says Sparkes.
The analysis attempts to cost the likely impact of apparently small shortcomings. “One percent loss in labour productivity is just five minutes of an eight-hour day. But for a US or Western European organisation of 10,000 employees, that same loss costs approximately US$4.25 million (NZ$5.46 million) in wages every year,” the report says.