Thought for the Day:Protect corporate integrity

Hard-hitting IT commentator Simon Moores gives his personal take on the hot issue of the day.Once upon a time, a catastrophe...

Hard-hitting IT commentator Simon Moores gives his personal take on the hot issue of the day.Once upon a time, a catastrophe claimed the reputations of several, very large companies that, in their arrogance, jettisoned all reasonable standards of common sense and corporate governance simultaneously.

These were global brands that failed to realise, as have most other companies, that the critical elements of the business process in the 21st century demand a fresh perspective, a paradigm shift of kinds, involving matters of reputation and risk.

Time for a new acronym perhaps, as if we didn't have enough already. On this occasion, though, it reflects a new business science, one that can take a number of different but related areas, such as information security and ethics and brand management and subject them to what I call "corporate integrity analysis and management" (CIAM).

Enron, Merrill Lynch, Xerox, Computer Associates, Bank of Ireland, the Department of Transport, Norwich Union, Ford. The real list is even longer, but each name reflects a story that has had an adverse impact on the company or department involved and which, in most, if not all cases, is related to a technology, its management and, potentially, the absence of appropriate controls involving internal regulation or policy.

Companies today are more than ever before defined by their brand: McDonald's and Nike to name but two. In a wired society, both the value and public confidence in a brand that has been built up over decades can be destroyed in a matter of hours, either through a single malicious act or through the activities of an individual or group of employees.

I would argue that, in attempting to protect their brands and the business upon which it is based, companies today are failing to see the wood for the trees. Where the arrival of new technology and the Internet may act as a powerful facilitator, it also presents the greatest danger to any enterprise.

This isn't anything new. We all know the risks, both internal and external. There's hacking and viruses. There's the ever-present danger of loose and irresponsible e-mail. There's the liability risk surrounding inappropriate content, plus the questions of ethics and corporate responsibility, and much more besides.

When a brand is compromised, the responsibility will invariably fall at the feet of the CEO, particularly when the value of the stock collapses around his ears, as in the case of eBay when it was hacked by a 17-year-old.

Invariably, however, the problem arises because a vital element of the company's virtual infrastructure has been delegated down the chain of command. This was the case when I asked Jeff Bezos of Amazon two years ago if he was confident that Amazon was secure. From his perspective, this wasn't a business issue, but it quickly became one when the site was attacked not long after.

It's time, I believe, that business took a more holistic view of the connection between risk and reputation. It's no longer sufficient to place anti-virus in one box, corporate liability in a second and business ethics in a third.

We need a better way of assembling the many different pieces of the puzzle into a single picture that better describes the many new risks to business and which can be managed more easily from the top of the enterprise. CIAM is one name for it but, perhaps, you can suggest another?

Are companies too slow to recognise new dangers to their reputations and brands?>> reserves the right to edit and publish answers on the Web site. Please state if your response is not for publication.

Zentelligence: Setting the world to rights with the collected thoughts and ramblings of the futurist writer, broadcaster and Computer Weekly columnist Simon Moores.

Read more on IT risk management