With the growing number of business failures attributable to IT, it’s getting hard to keep up with them all. Who can forget the IT-enabled bungling of the Facebook IPO. And now we have the Knight Capital hash – where a mistake in a high frequency trading program has created an existential threat to the firm. IT-led business failure at RBS has also contributed to an existential threat, with government leaders now considering full nationalization.
Notably, the IT problems at Nasdaq, Knight and RBS were not IT security problems. Rather they were problems in the use or the quality of the software itself. Traditional IT security methods of focusing on threats and vulnerabilities, operational security, will not help in managing these types of systems risks.
In the Gartner CEO survey, just 9% identified IT systems and security risks as one of their top risk management priorities — and they were split half and half between the systems risks and the security risks. Since IT can maim or kill your business, perhaps corporate leaders need to think a bit harder about IT risks as business risks.