My article this week discusses the business risks associated with cyber security. It lists many statistics about how many organizations are attacked and the amount of money and reputation lost as a result of these attacks. I don’t disagree that it seems like every day we hear more and more attacks and new vulnerabilities being exploited. I do, however, disagree with the conclusion that the author has drawn as a result of the increased focus on cyber security. The author asserts that cyber security is just now becoming a business risk instead of an IT issue and that executives now need to focus on it more. I think that cyber security has always been a business risk and not just an IT issue, but executives are just now starting to listen to what IT professionals have been telling them for ages. IT is often part of the solution to fix cyber security vulnerabilities, but organizations have always been wrong to classify cyber security as a solely IT issue and I think they are finally starting to realize this as a result of the impact on businesses we have seen from cyber incidents.
Do you agree with me or the author of the article? Has cyber security always been a business risk or is it now becoming a business risk because of the increase in the frequency and severity of cyber incidents?
https://www.forbes.com/sites/edelmantechnology/2017/10/11/cyber-security-is-a-business-risk-not-just-an-it-problem/#1c064ba77832
Younes Khantouri says
Amanda,
I do believe that cyber attacks are not only an IT problem but it can be a big business problem. A good example of that, when Target’s customers credit cards database attacked in 2013, not the only IT department was influenced because it has to work on securing the organization system, but the company lost so much business since the customers stop trusting using their credit cards in the stores or online.
Very interesting article that aware so many companies don’t invert on building a strong IT security department to start soon to do so.