Data security and breach prevention ranks low as a risk factor for most big technical companies, according to new research that identifies the most widespread concerns among the 100 largest U.S. public technology companies. The research, released by BDO, a professional services firm, examines the risk factors listed in the fiscal year 2009 10-K SEC filings of the companies; the factors were analyzed and ranked in order by frequency cited.
Among security risks, natural disasters, wars, conflicts and terrorist attacks were cited by 55% of respondents as a risk concern and was 16th on the list, much higher than breaches of technology security, privacy and theft, which was mentioned by 44% of the companies, putting it at 23rd on the list. Aftab Jamil, leader of the Technology Practice at BDO, said he thoughtbusiness continuity was driving worries about risks like natural disasters and conflicts.
“I think it has to do not only with the general difficulty one might encounter as result, but also, at the end of the day, what they are concerned about is business continuity,” he said. “Can they get back on their feet relatively quickly? If you in the path of a hurricane or an oil spill, can you keep your business going?”
Accounting, internal controls and Sarbanes-Oxley compliance is the 18th largest risk factor this year, according to the list. Jamil pointed to fears of market backlash or perception that could arise as a result of mistakes in complying with the regulations.
“The core risk for companies is, should they have catastrophic failure on their part; be it fraud or error or misapplication of GAAP accounting rules, eventually if this leads to restatement of historical financials, there is not only the cost involved in handling that, but, more than that, there is market perception of what is going on,” said Jamil. “The taint that your reputation might suffer because of that is huge. It’s so easy to lose shareholder value because market reaction might be so negative to any issue that may arise.”
However, despite its appearance in the top twenty, accounting, internal controls and Sarbanes-Oxley compliance fell in rank this year, likely reflecting the increased maturity of those regulations, said Jamil.
While breaches of technology security, privacy and theft was only at 23rd on the list, it was a slight increase over last year, when 30% mentioned security breaches as a risk. (See Data Breach Disclosure Law, State by State.) Jamil said he was still surprised by its lower ranking.
“Given all that is going with media attention being given to this issue, I thought it would inch up higher,” he said. “It would not surprise me if this particular risk factor becomes more prominent in future years. It’s not top-twenty, but it’s not far off from it either.”