The New Era of IT Risk Lies With Your People  

23 October 2015:

Consider this: Each time you, or your customers open a bank account, sign up for online shopping, join a social networking website or book a flight online, vital personal information is changing hands. Names, addresses, credit card numbers, it all adds up. The amount of data being processed now is simply staggering.

Of course, the explosion of customer data has many benefits. The opportunity to create amazing customer insight is based purely on the ability to slice and dice data. As a 2014 IBM poll recently found, 31% of executives from more than 1,000 businesses across the EU now say they use analytics to improve their customer acquisition rates, with nearly three-quarters (73%) of CEOs also saying they now fully understand the need to make customer insight a priority in their organisation1.

IT security has never been so difficult

But, as we all know, there are many dangers too with having, but not securing this data. Protecting the security of the enterprise has never been so difficult. Not only are data breaches from the ‘outside’ increasing in number and increasing their ability to cause organisational damage, in 2014 there were more than one billion personal data records compromised by cyber attacks2 – with the average cost of each stolen record hitting $154, but organisations also need to consider the ‘inside’ threats they have too3.

Everyone is now accountable

This is particularly pertinent right now. Upcoming European privacy regulation assumes that ‘anyone’ who touches, or has access to data is now partly responsible for any data breach that might occur. In effect, the protection of customer data is now responsible by all – a responsibility many security heads may not yet realise.

New ways of working are causing IT problems

And there is another dimension that is impacting this also: the arrival of new ways of working. It’s this that is potentially the greatest internal threat. Employees are now using their own devices, downloading their own apps, and integrating personal devices into the working domain, and corporate systems. Experts call this the existence (and growth) of so-called ‘shadow IT’ – that is information-technology systems and solutions used inside organisations, but without explicit organisational approval – and it is threatening to have a major impact on data security. For not only is this technology that has not been tested as secure, but it’s also rapidly increasing the numbers of people in the organisation who are touching customer data and therefore now partly responsible for it.

Shadow IT risks are underestimated

Research already shows the risk, and added costs attributed to Shadow IT are significantly underestimated. For instance, research finds that the number of unauthorised cloud apps now being used in enterprises is much greater than people ever thought – around 15-20 times greater than CIOs themselves predicted. [The research says IT departments assumed their companies used 51 cloud services; in fact it was 730 on average]. This same research estimates the shadow IT creates a four-five times greater business risk, and a 1 times higher network security risk4.

Each employee and device is a risk

With this is mind, it’s vital security directors understand that each employee, workstation, laptop or smart phone provides a potential opening for malicious attacks. Without proper governance or training, shadow cloud services present significant data security risks including inadvertent exposure of regulated data, improper access and control over protected and confidential data and intellectual property. But, as data from the Ponemon Institute has shown, a staggering 43% of organisations do yet not have training and awareness programs for employees and other stakeholders who have access to sensitive or confidential personal information5.

Join the Risk summit to discuss risk and digital transformation

That’s where we can help. In December the IBM Risk Management Summit, in partnership with CorporateLeaders, will bring together IT experts and peers to network and examine the ever-growing risks and address the digital transformation each organisation is facing.

The average total cost of a data breach to a company is now $3.79 million – and this represents a 23% increase since just 20136. And this cost doesn’t even include the added reputational costs too – which are potentially even greater. All in all, this means this is a summit you simply can’t afford to miss.

Make sure you book your diaries now for what we know will be a fascinating and thought provoking half day of learning. For more information, and for details about how to register, go to the following links. We look forward to seeing you there.

Belgium                                                                                 The Netherlands
Chateau Du Lac, Genval                                              Where: JaarbeursUtrecht
8th December 2015                                                     When: 10th December 2015
Register now!
                                                                       Register now!                                                                                 


1. “Cloud Analytics – Where CMOs, CFOs and CIOs Need to Move To”, IBM study in partnership with CorporateLeaders, May 2015
2. Year of the hack? A billion records compromised in 2014 CNBC
3. Cost of a data breach keeps rising, Ponemon Sullivan Report
4. Shadow IT: It's Much Worse Than You Think, Information Week
5. “Is Your Company for a Big Data Breach? The Second Annual Study on Data Breach Preparedness”, Ponemon Institute, September 2014
6. “Cost of Data Breach Study: Global Analysis”, Ponemon Institute, May 2015

« Back   View List

Our Partners

The Corporate Leaders Network

Tangible Impacts of Accounting Transformation