At the relatively young age of 30, Rick Davis has just had reconstructive knee surgery and expects to have no less than three similar operations in the coming years, including both ankles and the other knee. Yet Davis could be considered healthy and in great shape. So why the surgeries? "I don’t want to be 40 years old with aches, pains and nagging injuries slowing me down," says the former Stanford University football player. Such preemptive surgery could almost be considered a representation of his
current profession-risk management.
Davis is the co-founder and strategic marketing and corporate development officer of Insuretrust.com, an Atlanta-based e-business risk management firm that focuses on companies whose operations rely on internal and external computer networks. "We have created a new space that combines the best elements of information security, consulting, risk management and insurance," explains Davis. "By combining these disciplines into a unified e-business approach, we effectively address all the critical exposures that affect e-business, the Internet and networked computer environments."
The very same electronic connections that allow us to conduct business and communicate with business partners can be compromised by hackers or unscrupulous employees. Insuretrust conducts full-scale analyses that identify the areas of risk in your business and helps to protect them. Surprisingly, even with the myriad technologies and points of entry that comprise most corporate networks, Davis says the most common security risks are related to human error and miscommunication. However, the risk of a security breach could be reduced if upper management paid careful attention to security issues. Here are the top three problems Insuretrust routinely addresses:
- Lack of a companywide security policy. Many companies don’t tell users how to protect their information and how to use networked resources
- accordingly. This is an accident waiting to happen.
- Lack of executive sponsorship of security initiatives. Senior executives need to be an integral part of the security solution, which should also be a line item in the budget.
- Lack of integration between business decisions and IT decisions. In the e-business environment it is imperative that decisions are made based on both business and IT considerations. For example, if the marketing department wants to create a shared network with its business partner, it is essential to have an IT perspective to make sure all security and infrastructure considerations are addressed from the beginning.
Although internal breaches of security are still the most common type, there has been a dramatic rise in the number of successful "attacks" from the outside. Earlier this year Information Security magazine conducted a survey of over 700 companies that revealed a 91.6% increase in the number of companies suffering unauthorized access (hacking/cracking) intrusion between 1998 and 1999. "Companies conducting e-commerce suffer more frequent attacks than those that don’t," says Andy Briney, editor in chief of Information Security. Fewer than 100 of the companies that suffered these invasions attributed a dollar amount to the attack-yet the total exceeded $23 million.
"Traditional insurance companies insure