Many UK companies will disappear in the coming year because of poor computer security - but firms can protect themselves There has been so much hype surrounding computer hacking and other types of 'cyber-crime' that we are in danger of looking in the wrong direction, assuming that will not happen to us. Anyone who has seen the movie WarGames will know that a teenager nearly starts World War Three after hacking into the Pentagon's security computer - an extreme example of how the media has made this into a subject far removed from our idea of everyday reality.
The truth is that digital threats to the modern business are with us now, but they are much more mundane.
Nearly a third of data wipe-outs are caused by employee error. You are more likely to lose valuable information through accidentally dropping a laptop than because of computer hacking. Whatever the cause, the loss is invariably disruptive; and it can sometimes have devastating consequences.
This is such a new area that there are relatively few pieces of dependable research. We do know, however, that hundreds of UK businesses will disappear in the coming year as a direct result of losing information held in computers; that companies which lose their data for 10 days or longer never make a full financial recovery;
that recent research in Germany shows digital failure there is thought to cost business at least £6.7 billion every year.
Architecture is a good example of a profession that routinely uses IT.
Information held electronically can be, along with your staff, one of your most valuable assets. It is also vulnerable. The chances of losing your data are far greater than, say, of your offices burning down. We nearly all implement a range of costly fire-prevention measures, as well as buying fire insurance. Yet how many architects' practices have taken similar steps to protect their IT systems?
Most at risk are small companies with fewer than 250 employees - a definition that encompasses nearly all architectural practices. Unlike large corporations, they do not usually have dedicated IT or risk-management teams. Research by MORI shows that more than three-quarters of small and medium-sized enterprises have no coordinated policy on the subject of digital security. They also believe - wrongly - that any digital mishap would be covered by existing insurance policies. In short, they are leaving this vital area largely to chance.
So, what can be done? Any riskmanagement process involves three stages: identifying the risk; reducing it as far as possible; and then transferring the remaining risk to an insurer.
Starting with identification, there are broadly two categories of potential weakness - internal and external.
Apart from staff error, internal risks can include sabotage by disgruntled employees; confidential client or other information getting into the wrong hands; website failure; harddisk collapse; and defamatory material appearing either in an e-mail or on a website.
External factors include most types of 'cyber crime'. PricewaterhouseCoopers calculated recently that this alone is costing global business some US$1.4 trillion annually. It often comes in the form of viruses imported via e-mails, although hacking is also a real and growing problem.
Apart from possible financial gain, some hackers regard it as little more than a hobby; they are anti-social individuals, who see entering organisations' computer networks as a challenge, and are oblivious to the damage they may cause.
There are many specialist IT consultants who can advise on how to mitigate the dangers of digital failure.
Simple precautions include installing systems that automatically provide electronic back-ups for your documents; staff training to minimise the dangers of importing viruses or accidentally wiping essential information;
and the use of 'firewalls' to keep out electronic intruders.
Once you have done what you can, you must then come to terms with the fact that complete digital security is no more possible than making your home 100 per cent burglar-proof; that is where insurance comes in. It is a sad irony that the smaller companies are the least likely to purchase digital insurance, even though they are usually the most exposed.
A number of specialist insurers will provide this cover, which starts at a few hundred pounds. They will also provide free advice, because they have a vested interest in reducing the chances of a loss; indeed, most insist upon certain security measures before they will issue a policy. Many insurance products place an emphasis on securing data retrieval in as short a time as possible, rather than pure financial compensation, because your first priority in these situations is to get the business fully up and running again.
Contact your insurance broker for more details. There is also further information for small businesses that use technology in the Small Business section of www. thisismoney. co. uk Stuart McMillan is vice-president, Europe, of Safeonline, the world's largest digital risk insurer