I’ve been reading with interest the results of the National Computing Centre survey of 98 UK-based organisations entitled Protecting Corporate Reputation and Brand. You can download it here.
Some of the key findings are:
– Most senior managers will readily circumvent corporate policies designed to protect reputation and brand
– Barely half of those surveyed perceive loss of reputation as a high risk
– More than two thirds of companies do not have a formal risk assessment process
More than anything else, the survey highlights the fact that most companies are failing to deliver a set of policies that enable people to actually do their jobs without security getting in the way. It’s a challenge but it can be done if you have a decent process for assessing risk and defining appropriate policy rather than jumping onto the “no you can’t do that” band-wagon. The consequences of getting it wrong are that people will go out of their way to circumvent policy which, as we all know, can lead to much greater problems.
Apparently this survey is “catalyst to a national debate on the nature of risk.” That’ll keep a few old boys busy for a couple of years. In the meantime, I’ll carry on promoting a flexible, risk based approach to policy making.