'Corporate security still at risk despite painful lessons: EIU report
SINGAPORE (AFP) Oct 19, 2003
Corporate security worldwide is still at risk despite painful lessons learned from terrorism, the SARS epidemic and countless virus and hacker attacks, according to a business survey.
"Business leaders are more aware of security dangers, but need to do much more to prepare," research group Economist Intelligence Unit (EIU) said after conducting a global poll.
The report found that very often the danger is within the company itself, with disgruntled or corrupt employees and lax controls over computer passwords compromising the security of information systems and valuable data.
In Asia, with Severe Acute Respiratory Syndrome (SARS) threatening a comeback, there is a new danger that companies will suffer again now that the crisis has passed and regional economies are on the upswing.
"Once the crisis was over, there was very little done to institutionalise learning and get ready for the next crisis," Hugh Bucknall, head of Mercer Human Resources Consulting in Asia, told the EIU.
"Companies need to look at a broader range of threats and have mechanisms to deal with them," he added.
Corporate security is heavily tilted towards information technology (IT) or protection of physical assets and personnel, following the 2001 terrorist attacks in the United States and countless virus and hacker incidents.
But Dr Goh Moh Heng, executive director of Disaster Recovery Institute Asia, said that "SARS created a new scenario that most planners would not have thought of: denial of access to people."
Uncertainty about how the SARS virus is transmitted forced companies to segregate employees. One bank even imported virus-proof medical "space suits" to enable IT employees to continue working even if infected by SARS.
Asian health officials fear that SARS might make a comeback during the traditional flu season in the winter months.
SARS infected more than 8,000 people and killed nearly 800, mostly in East Asia, after it appeared in southern China almost a year ago.
The crisis, which peaked in the second quarter, was estimated to have caused billions of dollars in economic damage, especially to tourism and related industries.
The EIU study, conducted for telecommunications giant Nortel Networks, included a poll of 178 international business executives and interviews with corporate and regulatory figures.
For many executives, the wake-up call came when two jetliners slammed into the World Trade Center in New York on September 11, 2001.
Former New York mayor Rudolph Giuliani, who became a folk hero for his handling of the attack's aftermath, wrote in a foreword to the EIU report that businesses today face threats that would have been unimaginable 20 years ago, but few are doing enough to prepare for major contingencies.
"Many organisations do not have the contingency plans needed to manage the loss of a facility. Security officials are often too junior, making it likely that these issues won't receive the attention and resources they deserve," said Giuliani, now a prominent consultant.
New laws and regulations emerging in the United States are forcing top executives to be more vigilant or risk facing heavy fines, even prison terms, for damaging breaches of security.
Regulators outside the United States are also beginning to take interest in corporate security, the EIU report said, and a growing number of organisations have created the post of Chief Security Officer (CSO) to coordinate efforts against threats and contingencies.