alphaspirit - Fotolia
I don’t know if you’ve seen this but there was some fascinating research in Ireland recently which found that two-thirds of senior Irish IT leaders believe future company statements to investors should address their data management and security capabilities. This interesting statistic was contained in a press release from BT Ireland concerning the results of research by Amárach headlined: “Data now as crucial as Revenue or Net Profit for Investors, say Irish IT leaders”.
Among the other key findings of the research, Amárach found 62 per cent of respondents believed a company’s data management capabilities in the future would be just as important to investors as profits and assets. Those surveyed also felt a data breach was four times more damaging than the sudden and unexpected departure of a CEO and twice as bad as a profit warning to shareholders, a product recall or a major service outage.
Commenting on the findings, BT Ireland managing director Shay Walsh said: “As technology transforms businesses globally, it is clear that data management, specifically how data is used and secured is going to be crucial for companies, their investors and shareholders alike.”
He argued the research showed the need for companies to invest in the right infrastructure to enable them “to better manage and extract value from data, and ultimately, protect themselves from serious data management risk in the future”.
Now, I’ve no doubt that this is a potentially significant and laudable objective which will help investors to get a better grasp on the risk and value of their investment in a business but I can’t help but wonder if it might also add a layer of complexity to the reporting process that might not be entirely necessary, measurable or objectively valuable.
For instance, companies state their revenue and profit according to recognised and accepted accounting standards. Is it as easy to achieve something similar with data management and data security? From the outside, it feels as if it might be a bit of a bureaucratic headache. Just how trustworthy would those statements of data management and security capabilities be? Who would audit them to ensure they were fit for purpose?
Or would it just be a matter of listing the security standards and accreditations that a company conformed to in its statements. Would there be minimum requirements that investors should look for from companies? Who would set them?
While I don’t think it’s a bad idea in theory, I wonder just how significant the end result will be. Profit and revenue figures provide a snapshot of the health of a company at a point in time, but can statements concerning data and security do the same? For example, there’s a monetary value to those profit and revenue figures but how do you attach a value to the data a business holds and to the way it manages and secures that data?
I’m not disputing that investors might perceive a company’s data management capabilities to be just as important as profits and assets in the future but I’m not sure how they can find a way of proving it to anyone's complete satisfaction.
What I do know, however, is that if investors do come to expect data management and security capabilities to be included in company statements. then channel partners will have a part to play in helping companies to be able to provide that information and back it up.