Data breaches not among top concerns for tech firms

[Jake Kouns <jkouns () opensecurityfoundation org>]

http://www.networkworld.com/news/2010/052410-data-breaches-not-among-top.html?hpg1=bn

Data security and breach prevention ranks low as a risk factor for
most big technical companies, according to new research that
identifies the most widespread concerns among the 100 largest U.S.
public technology companies. The research, released by BDO, a
professional services firm, examines the risk factors listed in the
fiscal year 2009 10-K SEC filings of the companies; the factors were
analyzed and ranked in order by frequency cited.

Among security risks, natural disasters, wars, conflicts and terrorist
attacks were cited by 55 percent of respondents as a risk concern and
was 16th on the list, much higher than breaches of technology
security, privacy and theft, which was mentioned by 44 percent of the
companies, putting it at 23rd on the list. Aftab Jamil, leader of the
Technology Practice at BDO, said he thought business continuity was
driving worries about risks like natural disasters and conflicts.

"I think it has to do not only with the general difficulty one might
encounter as result, but also, at the end of the day, what they are
concerned about is business continuity," he said. "Can they get back
on their feet relatively quickly? If you in the path of a hurricane or
an oil spill, can you keep your business going?"

Accounting, internal controls and Sarbanes-Oxley compliance is the
18th largest risk factor this year, according to the list. Jamil
pointed to fears of market backlash or perception that could arise as
a result of mistakes in complying with the regulations.

"The core risk for companies is, should they have catastrophic failure
on their part; be it fraud or error or misapplication of GAAP
accounting rules, eventually if this leads to restatement of
historical financials, there is not only the cost involved in handling
that, but, more than that, there is market perception of what is going
on," said Jamil. "The taint that your reputation might suffer because
of that is huge. It's so easy to lose shareholder value because market
reaction might be so negative to any issue that may arise."

However, despite its appearance in the top twenty, accounting,
internal controls and Sarbanes-Oxley compliance fell in rank this
year, likely reflecting the increased maturity of those regulations,
said Jamil.

[..]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php