Despite advances, companies continue to implement methods that often only protect their IT infrastructure from outside action.
The available data seem to confirm the general awareness within the company of the existence of a particular digital risk. Business leaders and employees see digital insecurity as one of the main threats to their business.
Therefore, according to a survey, the following conclusions were reached:
- Employees put digital flaws at the forefront of threats. In this area, the greatest danger for 55% of respondents is loss or theft of information. Overall, 75% of employees say digital risk poses a major threat to their company's brand image.
- Business leaders rank digital insecurity as the third top security concern, including reputational risk. 42% of the people asked think that the loss or theft of information poses a danger to their companies.
Of these, 44% fear that IT risk will lead to unavailability of business tools. Therefore, the main threat to business leaders relates to contractual commitments and the capacity of the company.
The difference in perception is undoubtedly explained by the fact that business leaders face risks to business survival that are actually more obvious: destruction of assets, theft, fraud, etc.
Although the importance of digital risk for the operation of companies is accepted, the level of risk and adequacy of the budgets allocated to digital security may be wondered.
In addition, the management of legal obligations in terms of data security is further complicated by the fact that large international companies are subject to different and more or less restrictive legislation depending on the countries in which they operate.
Therefore, the United States or the United Kingdom has implemented legislation that allows security services to obtain the supply of data if they are hosted on their territory.
This results in very heterogeneous budgets devoted to digital security, representing a share ranging from 1% to 6% of the company's budget for information systems.
On average, companies dedicate about 2% of their turnover to the security of information systems and digital data.
However, this share does not fully reflect the investments made. In fact, many players participate indirectly in IT protection without this being their primary responsibility.
These elements show that the majority of companies are investing in digital security and allocating budgets that seem substantial.
Despite these budgets, the security of desktop computers and corporate networks is critical to the current evolution of digital risks, and in particular the uses of their employees.
Companies have really put technical hurdles in their systems by following the recommended technical rules since the early 2000s. But they are very vulnerable at the level of information manipulation to the day-to-day practices of employees and their decision makers.
Except where the technical system was very restrictive and filtering, the effectiveness of formidable and costly barriers to technical architectures was often bad password practices, misuse of USB keys, dangerous sites to access, use of unsecured personal mobile terminals, or quite simply the loss of documents.
Indeed, the need for security for accessing certain mobile devices, smartphones, laptops, USB keys and services in the clouds, which are rarely equipped with their own security solutions, is still greatly underestimated.
The quality of arguments and technical or qualitative factors also affect the credibility of information and therefore the impact it can have on the public.
Pressure groups emerge spontaneously in the context of crises. It arises little by little, for example, under the cumulative influence of dissatisfied consumers or certain problems. It makes it possible to temporarily increase the structuring and effectiveness of such movements.
It can also lead to intense communication campaigns, multiplying the appearance of more or less coordinated personal initiatives.
In addition, the Internet has several features that have an impact on the dissemination of information and the management of image by both individuals and companies:
- There is no right to be forgotten on the Internet. Data is kept without time limit. The network creates a very important archive base. There is new data as well as old information. These are all search engines, online encyclopedias, etc. may be subject to links generated by tools.
The development of indexing and archiving tools leads to the recording and protection of all Internet pages that are repeatedly brought online, regardless of their future.
- Indexing of content by search engines brings all data to the same level of trustworthiness for users, regardless of source.
- Various web2.0 tools are interconnected and use interoperable formats. Therefore, information or rumors spread quickly. It can be enriched with additional elements: videos, recordings, texts or images, etc.
- Multimedia are tools that make it possible to save, reproduce and download digital data on the web at almost zero cost.
- Each person can copy a large amount of data on private or semi-private spaces on their mobile phone, on a key or on a portable hard drive and ultimately online. Distribution on the Internet and in all possible media is facilitated by multiple publishing tools: RSS feeds, blogs, podcasts, tweets, etc.