Survey: Business continuity, not data breaches, a top concern for tech firms
A new “risk factors” list from consultancy BDO finds security worries about data leakage are not top of mind – at least as expressed in their SEC filings.
Research released by BDO, a professional services firm, identifies the most widespread risk factors among the 100 largest U.S. public technology companies. One of the most dramatic increases was in companies’ concerns associated with properly executing corporate strategies (68%, contrasted with only 27% in 2009 and 52% in 2008) despite the anticipation of rebounding economic conditions.
In line with the previous two years, strong competition ranked as the leading risk factor (94%). Failure to develop or market new products/services tied for the top spot at 94 percent, up from 91 percent in 2009. General economic conditions were more of a concern post-recession, rising to 93 percent from 85 percent last year and only 73 percent in 2008. Changes to federal, state and local regulations (88%) continue to weigh heavily on technology companies, remaining consistent with previous years (81% in 2009 and 87% in 2008), trailed by management of current and future M&A or divestitures (86%, the same as in 2009 and 2008).
These findings are from the 2010 BDO RiskFactor Report for Technology Businesses. The report examines the risk factors listed in the fiscal year 2009 10-K SEC filings of the 100 largest publicly traded U.S. technology companies; the factors were analyzed and ranked in order by frequency cited.
“There is always competition and consolidation in the tech sector, but because of the economic turbulence in the last two years, its effects can be particularly severe for tech businesses. They lost valuable employees due to downsizing; as the economy stabilizes, companies need to regain key personnel to serve the resurgence and jumpstart innovation,” said Aftab Jamil, leader of the Technology Practice at BDO. “Companies increasingly view that they either need to strategically adopt or risk ceding their business to others. This makes for lots of opportunity, including for smaller businesses.”
The following is the list of the top 20 Risk Factors of the 100 Largest U.S. Technology Companies:
|
2010 Rank
|
2009 Rank
|
||
|
1.
|
Competition and consolidation in technology sector
|
94%
|
1
|
|
1T.
|
Failure to develop or market new products/services
|
94%
|
2
|
|
3.
|
U.S. general economic conditions
|
93%
|
6
|
|
4.
|
Changes to Federal, State and Local regulations, including tax
|
88%
|
9
|
|
5.
|
Management of current and future M&A or divestitures
|
86%
|
4
|
|
6.
|
Risks associated with international operations
|
83%
|
3
|
|
6T.
|
Inability to attract or retain personnel, including management
|
83%
|
8
|
|
8.
|
Legal proceedings
|
80%
|
11
|
|
9.
|
U.S. and foreign supplier/vendor concerns
|
75%
|
10
|
|
10.
|
Intellectual property infringement
|
74%
|
5
|
|
11.
|
Failure to properly executive corporate strategy
|
68%
|
27
|
|
12.
|
Product liability, quality and safety issues
|
64%
|
15
|
|
13.
|
Predicting customer demand
|
63%
|
12
|
|
14.
|
Cyclical revenue (and resulting fluctuations in stock price)
|
57%
|
7
|
|
15.
|
Pressures on pricing, margins and cost cutting
|
56%
|
17
|
|
16.
|
Inability to acquire capital or financing
|
55%
|
19
|
|
16T.
|
Natural disasters, war, conflicts and terrorist attacks
|
55%
|
14
|
|
18.
|
Accounting, internal controls and Sarbanes-Oxley compliance
|
54%
|
13
|
|
19.
|
Labor concerns
|
49%
|
28
|
|
20.
|
Credit or financial risk of customers, vendors, suppliers
|
48%
|
23
|
Further findings of the 2010 BDO RiskFactor Report for Technology Businesses:
- Labor Concerns Double. In the downturn many businesses were forced to make layoffs and are now limited in their ability to hire. This could account for technology businesses doubling their concern about their labor force in 2010 (49%) as compared to 22% in 2009 and 26% in 2008. This year it will be even more important to retain key personnel and management. Loss of these valuable players can impact companies’ ability to maintain/regain competitiveness (83%) and jumpstart innovation as the economy improves.
- Regulatory Uncertainty Remains. U.S. technology companies remain sensitive to government regulations as Washington looks at changes to the financial and health care regulatory environments, and taxing authorities look to new sources of revenue. For the third year in a row, federal, state and local regulations risk ranks top of mind for companies (88%, compared to 81% in 2009 and 87% in 2008). Accounting, internal controls and Sarbanes-Oxley compliance fell in rank this year, likely reflecting the increased maturity of those regulations.
- Faulty Equipment and Anticipating Customer Demand. As technology companies begin to ramp up production in a tight economic environment, the risks associated with product failure and delays become even more imperative (64%, up from 58% in 2009 and 68% in 2008). Predicting customer demands, and supplying them, poses a threat in itself, as companies struggle to determine consumers’ monetary liquidity and appetite for consumption (63%).
- IP Infringement and Breach Issues. Companies’ concern with IP infringement (74%) decreased from the fifth spot last year to the tenth this year, but with companies like Microsoft and Yahoo losing infringement cases already in 2010 this may change as the year progresses.
- Litigation Risk On The Rise. Technology companies are anticipating more litigation risks this year (80% in comparison to 68% in 2009). This could be an indication that companies are preparing, and in a better position, to pursue legal action for IP infringement and breach issues.
- International Operations. In comparison to last year, fewer companies cite international operations as a concern (83% versus 90% in 2009). New taxes aimed at international operations could also have a profound effect on companies decision whether to outsource in 2010 and beyond.
Data security and breach prevention ranks low as a risk factor for most big technical companies, according to new research that identifies the most widespread concerns among the 100 largest U.S. public technology companies. The research, released by BDO, examines the risk factors listed in the fiscal year 2009 10-K SEC filings of the companies; the factors were analyzed and ranked in order by frequency cited.
Among security risks, natural disasters, wars, conflicts and terrorist attacks were cited by 55 percent of respondents as a risk concern and was 16th on the list, much higher than breaches of technology security, privacy and theft, which was mentioned by 44 percent of the companies, putting it at 23rd on the list. Aftab Jamil, leader of the Technology Practice at BDO, said he thought business continuity was driving worries about risks like natural disasters and conflicts.
“The core risk for companies is, should they have catastrophic failure on their part; be it fraud or error or misapplication of GAAP accounting rules, eventually if this leads to restatement of historical financials, there is not only the cost involved in handling that, but, more than that, there is market perception of what is going on,” said Jamil. “The taint that your reputation might suffer because of that is huge. It’s so easy to lose shareholder value because market reaction might be so negative to any issue that may arise.”
See also Business continuity, not data breaches, a top concern for tech firms, by Joan Goodchild, Senior Editor, CSO Security and Risk.
=============================================
The relationship between Business Continuity and Risk Management are comprehensively addressed in the book A Risk Management Approach to Business Continuity: Aligning Business Continuity with Corporate Governance, by David Kaye and Julia Graham (420 pages, $95.00).
Tags: Business Continuity, data breach, informatio security, InfoSecurity, risk factors, survey
