Why you should sweat the small stuff

CIO - It's never a good night for the IT department when the first person to get hit by a new virus is the CEO.
That's exactly what happened when the W32.Blaster Internet worm slipped onto the notebook of ABM Industries Inc. chief Henrik Slipsager. Slipsager was booting up during a business trip in Los Angeles in August 2003 when the error message that defined the Blaster popped up, paralyzing his machine and millions of others across the globe. The CEO began calling cell phones of top IT staffers in San Francisco looking for help.
"It was 5:30 on a Wednesday," recalls Sean Finley, assistant vice president and deputy director of electronic services at ABM, a $2.3 billion company that provides janitorial, lighting and security services to high-rise buildings. Finley, a 15-year veteran of the company, says he called an ABM Web site administrator in Los Angeles. "I said: 'Listen, you've got to do me a big favor,'" he recalls. Slipsager left his notebook with a hotel bellhop as the employee raced there with antivirus software. The CEO's computer was fixed. But after that night, the way ABM dealt with viruses changed.
Instead of putting out fires, ABM's IT group moved to set up policies that mandate how employees use antivirus software. One user mandate: No network log-on without the latest virus update download.
After disasters like the 2003 blackout in the Northeast and the devastation of 9/11, you'd think CIOs would be wearing hard hats and duck boots to the office. After all, they've been training -- prodded by worried CEOs and boards of directors -- to prepare for the catastrophic: floods, earthquakes, power outages, even terrorist attacks. Not surprising, IT spending on disaster recovery by global financial services companies after 9/11 spiked 19.2% to $3.4 billion -- up from sleepier 3% to 5% annual increases throughout the 1990s, according to Tower Group. Although spending dipped by 6.4% in 2003, businesses are still shelling out unprecedented amounts of their IT budgets on security. An estimated 5.4% in 2003 went to bulk up security compared with 3.1% in 2001, according to Gartner Inc..
Of course, the annoying headaches an IT staff tackles every day might seem insignificant when stacked up against natural disasters. But to the average company, they aren't. The total effect of spam, viruses, software upgrades and other niggling problems is a plague that cost U.S. businesses billions last year. Most CIOs know this. They realize that the real threat isn't Armageddon; it's being nibbled to death by ducks.
"The