New IBM and Ponemon Study Examines the Economics of IT Risk and Reputation

Illustration by Martin O’Neill

Most IT professionals cringe when a new data-breach report hits the public airwaves—then they pray it never happens to them. Though every business cares about avoiding IT failures, the incentive to enact change would be greater if executives truly understood the cost of a failure.

IT failures are many and varied; they can be caused by human error, system failures, security breaches and disruptions to data center operations such as power failures and natural disasters. How do you measure the total cost that results from an organization’s inability to provide an acceptable level of service in the face of interruptions to normal operations? Consider, too, the reputational consequences. What’s the cost of damage to a company’s image or brand value as a result of poor controls, failed processes, IT downtime, data theft and compliance violations?

The Ponemon Institute surveyed:
1,069 business continuity specialists and 1,247 IT security practitioners representing 20 industries and 37 countries

Human error is the cause of 70% more disruptions than IT professionals anticipate

According to Patrick Corcoran, global business development executive at IBM, many clients ask what impact a disaster would have on their businesses if critical information can’t be accessed because the IT environment is unavailable. Finding the answer can be a struggle.

Studying Risk

In 2010, IBM began a series of risk studies to provide valuable information to its clients. In July 2013, IBM extended its research on IT risks by asking the Ponemon Institute to conduct a study that would research the link between IT failures and reputational risk. The IBM Global Study on the Economic Impact of IT Risk is the largest independent research study measuring the financial and reputational consequences of business disruptions caused by business continuity or IT security failures.

“This study was unlike any other study we’ve previously done,” Corcoran says. It’s an effort to help clients understand risk so they can address potential threats and improve the resiliency of their businesses. “The main point of this is that every company’s reputation is critical,” he adds.

Larry Ponemon, chairman and founder of the Ponemon Institute, says IBM’s recognition of the need to raise awareness of the importance of business continuity and IT risk management is the driving force behind the survey.

The Findings

The results of this study were used to quantify the economic impact of IT failures in terms of the cost to an organization when a failure occurs. Respondents were asked to estimate the cost of a failure based on three categories: minor, moderate and substantial. The respondents indicated that failure at the minor level of downtime lasts an average of 19.7 minutes. Moderate and substantial levels last an average of 111.8 and 442.3 minutes, respectively. Sixty-nine percent of the respondents said their companies would likely have a minor disruption in the next 24 months, while 37 percent said their businesses would likely have a moderate disruption, and 23 percent indicated a substantial disruption.

With an estimated average cost per minute of $53,210 for a minor disruption, $38,065 for a moderate disruption and $32,229 for a substantial disruption, the total cost adds up quickly when multiplied by the estimated number of minutes provided by the respondents.

Caroline Vitse is a freelance writer based in Rochester, Minnesota.
