Information Security News mailing list archives
Businesses 'do not grasp IT risks'
From: InfoSec News <isn () C4I ORG>
Date: Wed, 31 Jan 2001 05:16:28 -0600
http://news.ft.com/ft/gx.cgi/ftc?pagename=View&c=Article&cid=FT36N4F6MIC&live=true&tagid=IXLMS1QTICC&subheading=global%20economy

By Andrew Bolger, Insurance Correspondent, in London
Published: January 30 2001 23:08GMT | Last Updated: January 30 2001

Businesses do not adequately understand the risks posed by technology, have difficulty identifying potential risks and lack the tools to manage them effectively, according to a survey of 1,500 US and European executives, released on Wednesday by St Paul, the Minnesota-based global insurer.

The survey of executives responsible for their companies' insurance coverage also indicates that although they take pains to protect computer security, companies are less prepared for new liability risks associated with information technology and e-commerce.

"The survey indicates that companies rely chiefly on systems-based protection, such as anti-virus software and computer firewalls, to prevent losses from technology risks," said Kae Lovaas, a vice-president of St Paul.

"But that's not enough. Exposures involving intellectual property, privacy and first-party risks from computer fraud, business disruption and denial of service pose significant financial risk to companies doing business on the internet."

Mr Lovaas said that compared with more traditional property-casualty risks, companies were poorly prepared for the risks posed by technology and e-commerce.

"Not only are companies unsure of the risks presented by their business operations, they also have substantial difficulty understanding what types and levels of insurance coverage they need," he said.

Schulman, Ronca & Bucuvalas, the independent New York-based opinion research firm, conducted the survey. The companies surveyed covered a broad range of industries, as well as additional samplings of financial services and high-technology companies. In the US, insurance agents and brokers were also surveyed.
The survey finds computer, internet and e-commerce risks are considered among the most important that companies will face in the next few years.

Among US corporate risk managers and their insurance agents and brokers, such issues rank second only to employment-related risks. In Europe, risk managers consider technology risks the leading concern.

However, only 25 per cent of US and 30 per cent of European companies surveyed had risk management committees or other formal structures to identify and monitor technology risk.

Of those companies with such a committee or structure, only half - or about 13 per cent of respondents - felt it was effective. Only about three in 10 risk managers had reviewed the potential technological risks posed by a merger or acquisition involving their companies.

"In essence, there is a leadership opportunity on this issue in many companies," Mr Lovaas said. "Senior management has the responsibility to take the lead and foster a partnership approach between their IT departments and risk management functions."

Nearly all US and European companies have taken similar steps to protect themselves from technology-related risks, such as installing anti-virus software and firewalls, establishing standard security procedures, and auditing the security of their systems. But only six in 10 companies have implemented employee-training programmes to lower their technology risk.