Risk is the flip side of value. For everything that is of value, there can be circumstances endangering that value.
Risk in a digital world is not always easy to think through. While we can borrow a lot from the real world, certain important differences exist.
At the core of every risk assessment there is the thing we worry about the most: the ‘asset’. In a digital world, this is often the data. Think of business critical data, like our database of customers. Think data that we have a compliance obligation on, such as personal data.
In information security, like the name implies, we mainly worry about the security of that data.
It is common to distinguish between availability, confidentiality, and integrity risks. All of these can be a risk to the business.
Business processes run on data, and if they are not, they can typically be improved by using more data. We cover that in more detail in another place.
If the data is not available, the business process can suffer, and its value reduced.
If the data leaks out, the business process can suffer, and its value reduced.
If the data does not reflect the reality well enough, the business process can suffer, and its value reduced.
Let’s have a look at some examples.
Your (mobile) phone is dependent on a network. If the network is not available, too far away, or congested, you have an availablity problem, and the usefulness of having a phone to communicate drops to zero.
As another example consider a payment terminal: if it does not work, you can’t pay, and probably not get what you wanted to buy.
Confidentiality is about keeping data secret. Again, the examples are not too hard to find. There are probaly pictures on your phone that you do not want to share with the entire world.
In a business context, you don’t want your competitors to know about your plans and pricing strategies.
Integrity means that the data is sufficiently accurate, complete, and consistent.
For example, if customer order records are missing, they may not receive their products. Or they are not invoiced. That is a loss to the business.
Search results (or AI chatbots for that matter) can also lack integrity, for example if they report in a biased way, or leave out important answers.
Integrity is a more fluid concept than the others. What is quality data to somebody may be totally inaccurate for somebody else. Consider social media metrics such as “likes” and “shares.” A marketer might see a high number of likes as valuable data indicating effective audience engagement. Meanwhile, a data analyst focused on conversion rates might regard likes as less meaningful, prioritizing click-through data and sales metrics as more accurate indicators of campaign success. Thus, while the ’likes’ metric is accurate, its perceived quality and relevance differ based on business goals.