Home » Topics » Cybersecurity » The security conundrum

The security conundrum

Avatar photoby Ben Rossi

It is time to face up to the facts. IT may be a huge aid to business productivity and efficiency, it can provide differentiation and competitive edge, it can be the basis for new markets and new business models. Technology people love that view; but it is not the reality for large numbers of senior business executives. For them IT is a danger to the business – and if our cover story this month is anything to go by, a danger to their careers.

IT systems fail and for any number of reasons – security flaws, mismanaged planning and acceptance, vendor overselling, bad software. Nevertheless, there is an almost unshakable faith within the ranks of IT that: this time the code will be bombproof, the backup will work flawlessly, the RAID system really does what it says in the brochure. That is a faith that is unhealthy for the business – nor is that kind of thinking ultimately healthy for IT. There is a growing school of thought that IT should be viewed in terms of risk.

To quote at length from one of the most respected authors on organisational change and enterprise systems, Dr M Lynne Markus, professor in information management at Boston's Bentley College: "The business world is beginning to see the value of an integrated approach to identifying and managing business risk: the time is right for the IS field to begin developing an integrated approach to identifying and managing IT-related risk. Not only will such an approach be useful to businesses in their attempts to obtain maximum value from their IT investments, it will also help bring together a large part of IS [thinking] under a common conceptual umbrella. By viewing systems development failure, security breaches and competitive threats as different types of the unitary phenomenon of IT-related risk, it becomes possible to make intelligent, end-to-end trade-off decisions throughout the lifecycles of systems in organisations."

As she highlights, IT is a risky business. But its associated risks can be identified, assessed, monitored and reported on, and that analysis applied to the whole IT portfolio. Only then can the questionably placed faith in technology be supplanted by a faith in IT per se.

Editor: Kenny MacIver

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics

Related Stories

Cybersecurity

How AI will shift the security landscape in 2024

The impact of AI within cybersecurity is expected to grow significantly this year, says Alex Holland, senior malware analyst at HP

AI & Machine Learning

NCSC releases guidelines for secure AI development

New guidance from the National Cyber Security Centre (NCSC) aims to help businesses securely innovate with AI and minimise risks

Cybersecurity

3 cybersecurity compliance challenges and how to address them

Earning those trust seals can strengthen relationships with board members and prospective customers, but it sure isn’t easy.

Cybersecurity

70% of UK firms reported cyber insurance changes in past year

According to research from Databarracks, seven in 10 UK businesses have seen changes to their cyber insurance in the past 12 months, as requirements rise