Prior to acquiring a new asset like the lovely digger in the picture above, a business would assess:
- Can we afford it?
- Do we buy outright or lease?
- What will the ongoing costs be?
- maintenance; etc.
- Do we have the skills in the organisation to use it?
- Can anyone use it or do we need to train a specific cohort of people to use it?
- What risks come with owning it?
- Could it be stolen?
- What happens if it breaks down?
- Could it increase the damage we could do, over a man and a spade? (I don’t work in construction)
- If we become reliant on it, what will happen if it is no longer there?
So why don’t similar questions get asked about the information assets a company owns? Would the company that buys the digger necessarily think the same way about its information assets? Does it view information as an asset? It appears that many businesses, large and small, don’t, and don’t view the tools they use to access information as an asset either. What would they do, though, if the information they have come to rely on and take for granted was unavailable?
Without access to information, how long would the average company last? There is a massive amount of information about this on the internet, some ‘facts’ I have found include:
- 30% of all businesses that have a major fire go out of business within a year. 70% fail within five years. (Home Office Computing Magazine).
- 60% of companies that lose their data will shut down within 6 months of the disaster.
- 93% of companies that lost their data centre for 10 days or more due to a disaster filed for bankruptcy within one year of the disaster. 50% of businesses that found themselves without data management for this same time period filed for bankruptcy immediately. (National Archives & Records Administration in Washington).
- Companies that aren’t able to resume operations within ten days (of a disaster hit) are not likely to survive. (Strategic Research Institute).
So why would an organisation spend time and effort assessing the business risk around an asset like a digger and not do the same for its information assets? It is no more difficult, is it?
Well, it probably is. For one thing, information is not tangible any more. Pre-computers it was: one could hold it, see it, know where it was. Today it is a bit mysterious. But there is more of it and we are actually more reliant on it. Secondly, for years the technology industry has been selling the message – information is safer stored electronically.
A whole industry has grown up around information security and with it a culture. One that is cloaked in mystery and techno speak. Language that is not aligned to business. A language that can generate massive amounts of FUD (Fear Uncertainty and Doubt) and this is probably the major issue.
Nearly 30 years ago when I first ventured into IT we revelled in our own language. A language that made us feel special, aloof and expensive! After many spectacular IT failures the profession realised that to achieve success it had to align to business needs and work alongside the business to deliver goals. I see parallels emerging with the Security Industry. We need to better align with business and make the risks associated with information relevant to the business. Understand what the business wants to achieve and help them do that safely, easily and cost-effectively. We need to work alongside the business. The ‘C’ word – Cyber (oh heck I’ve said it), it scares many business leaders into inertia, so let’s reduce the use of it and speak our customers’ language and see where that gets us.
Feature image by: www.gotcredit.com