Information is the lifeblood of modern commerce, and is as exposed to risk as any other corporate asset, but the extent and variety of the risks are still not fully appreciated by many organisations.
Indeed, almost all corporate risk ultimately reduces to information risk, as only by being fully informed and assured of the integrity and validity of information can you manage risk at all.
While ‘hacking’ and data breaches receive the greatest public attention, they are only a small part of your problem. The totality of the risk includes not only hazards to the information itself, but the possible extent of consequential and collateral harm from, for example:
relying on incomplete or inaccurate information
not having sufficient rights in the information
failures by third party data processors
non-compliance with statutory obligations
But it is both eminently possible and indeed ultimately economic to minimise exposure to hazards such as these by implementing robust proactive risk management. Among the fundamental keys to success in achieving this are:
appreciation of the wider consequences of incidents
ready access to independent legal guidance
robust monitoring of both internal and external change
solid understanding of the core principles of risk
excellent communication up, down and sideways throughout the organisation
Above all, though, risk management has to be a continuous activity, rather than, for example, relegated to an annual exercise in the name of compliance.