IT directors list cyber threats as top priority

Firms failing to report attacks on their IT, phishing, unexpected cyberattacks and cyberterrorism are the four biggest "banana...

Firms failing to report attacks on their IT, phishing, unexpected cyberattacks and cyberterrorism are the four biggest "banana skin" risk areas for IT leaders in 2004, according to a report by the Real Time Club based on a debate and membership survey at the end of 2003.

With the rise in awareness of IT risk as part of overall corporate risk management, the Real Time Club, many members of which are City-oriented IT professionals, aimed to set out a prioritised list of risk areas. This list was influenced by the annual Banana Skins Report from the Centre for the Study of Financial Innovation, which identifies broader finance sector business risks.

So far, the Real Time Club's embryonic list is qualitative, drawing on responses from 26 members, but all are well placed to understand the state of the IT industry.

Five of the top 10 risks relate to internet-based attacks on information systems. Concealment of attacks was viewed as the most severe risk, closely followed by phishing - the use of spoof websites and e-mails to elicit confidential information from users.

The danger of unexpected attacks and cyberterrorism followed. At number 10 on the list was the risk of spam halting the internet. Hackers uniting to hit systems with multiple attacks was taken seriously in 11th place.

"Most of these are relatively new phenomena and are new risks we all have to accept and manage if we are to enjoy the benefits of ubiquitous computing and communications," said the report.

The risk of the National Grid failing was in fifth place, reflecting IT leaders' concern over the power outages experienced in London last autumn.

The demands of data protection were ranked sixth, with fears they could prevent the effective conduct of e-commerce.

The impact of offshore outsourcing on the UK economy, in seventh place, was seen as a growing risk to the IT industry.

The headache of users installing unauthorised software or hooking up their own IT to the corporate network was ranked eighth. This problem is often driven by inneffective communication between IT staff and end-users leading to unsatisfactory systems that encourage end-users to find their own solutions.

Government plans for personal ID cards were considered to have a high risk of failure, which could result in expensive consequences for users' trust in IT and the development of public services systems.

Real Time Club

Founded in the 1960s, the Real Time Club has an eclectic membership of 150 innovators and thinkers from across the IT industry, including IT users, suppliers, academics, politicians, civil servants, and venture capitalists. The group, which meets five times a year, is accountable to nobody and its meetings are off the record. It is influential behind the scenes and on-going "think-tank/ pressure group" interests include education, finance and quantum computing.

Read more on IT risk management