Risk is the flip side of value. For everything that is of value, there can be circumstances threatening that value. While value is realized in the past and the present, risk is what can happen with that value in the future.
Risk in a digital world is not always easy to think through. While we can borrow a lot from the real world, certain important differences exist.
At the core of every risk assessment there is the thing we worry about the most: the ‘asset’. In a digital world, this is often the data. Think of business-critical data, like our database of customers. Think of data that we have a compliance obligation on, such as personal data.
In information security, like the name implies, we mainly worry about the data.
It is common to distinguish between availability, confidentiality, and integrity risks. All of these can be risks to the business.
Business processes run on data, and if they are not, they can typically be improved by using more data. We cover that in more detail in another place.
Availability
If the data is not available, the business process can suffer, and its value can be reduced.
Let’s have a look at some examples of availability.
Your mobile phone is dependent on a network. If the network is unavailable, too far away, or congested, you have an availability problem, and the usefulness of having a phone to communicate drops to zero.
As another example, consider a payment terminal: if it does not work, you cannot pay, and probably will not get what you wanted to buy.
Confidentiality
If the data leaks out, the business process can suffer, and its value reduced.
Confidentiality is about keeping data secret. Again, the examples are not too hard to find. There are probably pictures on your phone that you do not want to share with the entire world.
In a business context, you don’t want your competitors to know about your plans and pricing strategies.
Integrity
If the data does not reflect the reality well enough, the business process can suffer, and its value reduced.
Integrity means that the data is sufficiently accurate, complete, and consistent.
For example, if customer order records are missing, they may not receive their products. Or they are not invoiced. That is a loss to the business.
Search results (or AI chatbots for that matter) can also lack integrity, for example if they report in a biased way, or leave out important answers.
Integrity is a more fluid concept than the others. What is quality data to somebody may be totally inaccurate for somebody else. Consider social media metrics such as “likes” and “shares.” A marketer might see a high number of likes as valuable data indicating effective audience engagement. Meanwhile, a data analyst focused on conversion rates might regard likes as less meaningful, prioritizing click-through data and sales metrics as more accurate indicators of campaign success. Thus, while the ’likes’ metric is accurate, its perceived quality and relevance differ based on business goals.