Operational Risk and Organizational Risk

Electronic crime has increased the organizational risk that corporations face. With physical crime operations tend to bear the greatest risk. Six or seven years ago organizations could focus on securing its operations in order to deal with it greatest risk. If a truckload of product were stolen, the loss would often be the company's greatest exposure. The Internet has initiated such changes as: i) Financial identities can be obtained (i.e. stolen) and sold by people thousands of miles away; ii) Laws have been implemented to protect consumers and employees from having their identities stolen as a result of corporate negligence; and iii) Penalties and sanctions can, when made public, result in a loss of approximately 17% of a corporation's market capitalization for at least a year following the breach, in addition to damages. This loss of shareholder value along with a loss by the brand makes the organizational risk greater than that borne by the operations. The corporation suffers very little, it at all, when its customers' financial identities are purloined...at least the direct loss is very little. The litigation that follows is now the major risk factor. A competent security plan protects the corporation from this organizational risk.