Reputational risk and IT security: Not your usual snoozefest


Please don’t fall asleep before the end of this post!

If you are anything like me, the thought of reading an entire blog about IT security is yawn-inducing at best. For some reason every time the topic comes up, I find my eyelids suddenly growing heavy. I say this, of course, with the utmost respect for IT security professionals.

Why would a self-proclaimed security snoozer write a blog post about IT security? Another one bites the dust. No, I’m not referring to the first person falling asleep reading this. I’m referring instead to the latest company dealing with the news media frenzy surrounding an IT breach of customer data.

Reputational damage now has a price tag

Building a reputation is like running a marathon; losing one is like a sprint. This is particularly true in the highly networked world we live in. One tweet turns into thousands, seemingly in the blink of an eye.

The economic value of a company’s reputation declines an average of 21 percent as a result of an IT breach of customer data, according to a study by the Ponemon Institute.

That’s no small potatoes when it comes to lost business—an average of US $332 million. That number, in my mind, is staggering. It is the conversation starter, the reason to develop a proactive strategy around IT security and risk management.

The complexities of IT security and reputational risk

The price tag for reputational damage might start the conversation, but it certainly won’t end it. IT security is a tricky business. Investment in security is a challenge to quantify.

Several factors play a key role in helping organizations to develop an effective strategy for reputation and IT risk management:


Consumers are more willing to share data, particularly private data, with companies they trust. In return consumers expect a more personalized client experience. They also expect that their data will be safe. Building trust with a consumer is important for an organization’s brand. A Forrester Research report found that 70 percent of consumers trust brand recommendations from friends.

The impact of a system failure or compromised data from a trusted consumer can be devastating to an organization’s brand.

New infrastructure models

Social, mobile and cloud challenge the status quo in IT security. Security has to be flexible to allow those new infrastructure models to be effective, but strict enough to prevent disaster.

C-Suite alphabet soup

The Chief Information Security Officer (CISO) and Chief Risk Officer (CRO) are responsible for cyber security and risk management. Recently companies have created a Chief Digital Officer (CDO), who is responsible for anything related to the company’s digital presence. Cooperation and a shared vision among those corporate roles are essential in a comprehensive reputational and IT risk management strategy.


Every industry has different regulations and restrictions. As a consumer I have different expectations of financial institutions than I do of retailers. Government and industry regulations can drive some of the IT security discussions. Considering the client expectation should be part of the discussion as well.

The silver lining here is that many companies already have the necessary technology to address reputational risk: Enterprise Systems, the PureSystems family and Smarter Storage. Start developing your strategy by knowing what you already have in place and building on that.

Investing in security, in most cases, shows no top line revenue growth, no increased profitability and no new market share. Lack of investment in security, however, could result in losses of all of the above, as well as a tarnished reputation. Seek the balance.

Find out how your organization compares to companies with “excellent” reputations by using the IBM Reputational Risk Index.

If you are still awake, let me know you made it! Leave a comment or connect with me on Twitter.

Karin Broecker currently leads a team of software architects in making sense of the IBM software portfolio to help address business challenges. Karin has tackled the big three in STG: System z, Power Systems and Storage. In addition, her background includes application development, IT architecture, education and people management. She loves building a strategy, practicing yoga and enjoying life. Follow Karin on Twitter: @kbreks
