Business continuity, not data breaches, among top concerns for tech firms
CSO - Data security and breach prevention ranks low as a risk factor for most big technical companies, according to new research that identifies the most widespread concerns among the 100 largest U.S. public technology companies. The research, released by BDO, a professional services firm, examines the risk factors listed in the fiscal year 2009 10-K SEC filings of the companies; the factors were analyzed and ranked in order by frequency cited.
Among security risks, natural disasters, wars, conflicts and terrorist attacks were cited by 55% of respondents as a risk concern and was 16th on the list, much higher than breaches of technology security, privacy and theft, which was mentioned by 44% of the companies, putting it at 23rd on the list. Aftab Jamil, leader of the Technology Practice at BDO, said he thought business continuity was driving worries about risks like natural disasters and conflicts.
"I think it has to do not only with the general difficulty one might encounter as result, but also, at the end of the day, what they are concerned about is business continuity," he said. "Can they get back on their feet relatively quickly? If you in the path of a hurricane or an oil spill, can you keep your business going?"
Accounting, internal controls and Sarbanes-Oxley compliance is the 18th largest risk factor this year, according to the list. Jamil pointed to fears of market backlash or perception that could arise as a result of mistakes in complying with the regulations.
"The core risk for companies is, should they have catastrophic failure on their part; be it fraud or error or misapplication of GAAP accounting rules, eventually if this leads to restatement of historical financials, there is not only the cost involved in handling that, but, more than that, there is market perception of what is going on," said Jamil. "The taint that your reputation might suffer because of that is huge. It's so easy to lose shareholder value because market reaction might be so negative to any issue that may arise."
However, despite its appearance in the top twenty, accounting, internal controls and Sarbanes-Oxley compliance fell in rank this year, likely reflecting the increased maturity of those regulations, said Jamil.
While breaches of technology security, privacy and theft was only at 23rd on the list, it was a slight increase over last year, when 30% mentioned security breaches as a risk. (See Data Breach Disclosure Law, State by State.) Jamil said he was still surprised by its lower ranking.
"Given all that is going with media attention being given to this issue, I thought it would inch up higher," he said. "It would not surprise me if this particular risk factor becomes more prominent in future years. It's not top-twenty, but it's not far off from it either."
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts