Information technology risk, IT risk, IT-related risk, or cyber risk is any risk related to information technology. While information has long been appreciated as a valuable and important asset, the rise of the knowledge economy and the Digital Revolution has led to organizations becoming increasingly dependent on information, information processing and especially IT. Various events or incidents that compromise IT in some way can therefore cause adverse impacts on the organization’s business processes or mission, ranging from inconsequential to catastrophic in scale.
Assessing the probability or likelihood of various types of events or incidents, together with their predicted impacts or consequences should they occur, is a common way to assess and measure IT risks. Alternative methods of measuring IT risk typically involve assessing other contributory factors such as the threats, vulnerabilities, exposures, and asset values.
Your IT systems and the information that you hold on them face a wide range of risks. If your business relies on technology for key operations and activities, you need to be aware of the range and nature of those threats.
Types of risks in IT systems
Threats to your IT systems can be external or internal, deliberate or unintentional. Most IT risks affect one or more of the following:
- Business or project goals
- Service continuity
- Bottom-line results
- Business reputation
- Security
- Infrastructure
Examples of IT risks
Looking at the nature of risks, it is possible to differentiate between:
- Physical threats: Resulting from physical access or damage to IT resources such as the servers. These could include theft, damage from fire or flood, or unauthorised access to confidential data by an employee or outsider.
- Electronic threats: Aiming to compromise your business information – e.g. a hacker could get access to your website, your IT system could become infected by a computer virus, or you could fall victim to a fraudulent email or website. These are commonly of a criminal nature.
- Technical failures: Such as software bugs, a computer crash or the complete failure of a computer component. A technical failure can be catastrophic if, for example, you cannot retrieve data on a failed hard drive and no backup copy is available.
- Infrastructure failures: Such as the loss of your internet connection, which can interrupt your business – e.g. you could miss an important purchase order.
- Human error: A major threat – e.g. someone might accidentally delete important data, or fail to follow security procedures properly.
Managing various types of IT risks begins with identifying exactly:
- The type of threats affecting your business
- The assets that may be at risk
- The ways of securing your IT systems
Criminal IT threats
Specific or targeted criminal threats to IT systems and data include:
- Hackers: People who illegally break into computer systems
- Fraud: Using a computer to alter data for illegal benefit
- Password theft: Often a target for malicious hackers
- Denial-of-service: Online attacks that prevent website access for authorised users
- Security breaches: Includes physical break-ins as well as online intrusion
- Staff dishonesty: Theft of data or sensitive information, such as customer details.
Natural disasters and IT systems
Natural disasters such as fires, cyclones and floods also present risks to IT systems, data and infrastructure. Damage to buildings and computer hardware can result in loss or corruption of customer records/transactions.