Late this summer I was in the wilderness of Algonquin Park in Ontario for a week with the only network available being one of rivers, lakes and portages. Sobig was only spoken of when referring to the three moose we saw! Upon my return, I reviewed the news and e-mail but found no mention of a financial services firm in Canada coming forward and admitting they got caught unprepared by viruses, worms or the recent power outage in Ontario.
On the contrary, regarding the latter, I received many examples of how adroitly the loss of power was handled. For example, ADP Canada, whose payroll services pay one in four Canadians employed in the private sector, boasted how they kept payroll rolling despite the blackout with 100 per cent of scheduled payroll deposits processed to meet Friday payday across Canada. Q9 Networks reported its two diesel generators on the roof of the TD Centre in downtown Toronto and 50,000 litres of diesel fuel stockpiled nearby kept customer Web sites up and running during the blackout. Similarly, OnX crowed that its managed hosting customers remained open for business.
Yet, Info-Tech Research Group, a technology research firm based in London, Ont., reported that a recent survey of U.S. companies revealed that although more than 76 per cent of the firms surveyed said that the blackout had an impact on their organization, most of them admitted that they were not sufficiently prepared. Of those surveyed, 63 per cent said that they were either going to create a new disaster recovery plan or update an existing plan; 20 per cent said that they were planning on purchasing a backup generator; and another 18 per cent said that they were going to review their agreements with their service providers, according to Info-Tech. Thirteen per cent said that the blackout cost their organization more than US$5 million dollars.
So, there must also have been many Canadian companies affected by either the power outage or any of the viruses and worms prevalent at this time. Of course, what company would invite negative publicity by admitting they were vulnerable, especially in the financial services sector?
It’s doubtful that they’ll have a choice in the future.
“There is going to be an increased level of scrutiny and demand by regulators and consumer advocacy groups and other groups in terms of enhancing the level of reporting and disclosure of such incidents,” warns Adel Melek, global leader of Deloitte & Touche’s Global Financial Services Information Security & Privacy Services. As he also notes in this issue’s interview feature, leaders usually take a voluntary approach to reporting information that is in their judgment noteworthy to their shareholders and customer base. Others are going to wait until there is a regulation.
Whether your company is a leader ahead of regulatory compliance or not, hopefully you will find this issue, with its theme of privacy and information security, timely and helpful.