Cyber Security Institute

Thursday, September 11, 2008

Enterprises Struggle to Identify Sources of Risk

Enterprises are putting a good deal of emphasis on risk management these days, but they don’t all agree on how to measure risk, according to a new industry study.  The annual security study, which will be published Friday by service provider BT, offers a look at enterprise security priorities and perceived threats.  The upshot: Although managing risk has become an important thread in IT security, making a business case for security technology is still a challenge.

More than a third of respondents plan to implement risk management tools across all of their business units in the next 12 months; another 26 percent will implement such tools with some business units.  In 2006, about 40 percent of respondents said internal attacks were their top concern; that figure has dropped to 33 percent.

“Given all the attention that’s been paid to user awareness in the past few years, it’s sort of surprising that the user issue continues to be such a big part of the problem,” says Rick Blum, director of strategic marketing at BT.  “This will require quantifying the potential cost of data loss as well as downtime caused by a virus or other attack,” the report states.

“These costs should take into account financial damages (outright theft), recovery costs (notification of affected parties, etc.), and loss of reputation (leading to loss of business).”

http://www.darkreading.com/document.asp?doc_id=163569&WT.svl=news2_1