Enterprises are not taking threat of cyber espionage seriously enough, Ovum finds

Enterprises are not taking the threat of cyber espionage seriously enough, and many have not taken adequate steps to prevent an attack, according to Ovum.

In a new study*, the independent technology analyst claims that cyber espionage is a major threat to enterprises. But despite this, it has been overlooked, leaving many vulnerable.

Graham Titterington, author of the report and Ovum principal analyst, said: “The threat of cyber espionage must be addressed by enterprises as it is as relevant to them as it is to national security organisations.

“Cyber criminals are graduating from stealing credit cards and banking credentials to targeting corporate plans and proprietary information. They want valuable information such as product and technology blueprints, customer lists, or information that can be used to embarrass or disadvantage a victim.

“Almost every organisation has sensitive information that would damage it if it were to be leaked out; however, many have overlooked cyber espionage in their preoccupation with preventing the theft of financial data. This needs to change, and enterprises need to wake up to the danger posed or risk losing valuable information and having to deal with the consequences.”

Cyber espionage is usually aimed at key individuals within an organisation, who are sent ‘spear phishing’ emails containing malicious links or attachments that infect their machines. The criminals then use malware to identify assets, decrypt login details and steal the target information.

Titterington commented: “The home computer networks and personal lives of key individuals may be the weakest part in the corporate security defenses. Personal information may reveal passwords and other credentials, and individuals may be susceptible to blackmail.”

The report advises enterprises to increase their awareness of cyber espionage, restrict the distribution of sensitive information, vet users who have access to high-value information, protect data held on third third-party sites and conduct a risk analysis, including mobile devices and removable media.

The report also warns enterprises that holding large amounts of data can increase the risk of falling victim to cyber espionage, and they should look to minimise volumes. Titterington added: “Every piece of stored data and every copy of this data is a potential leakage incident as it gives spies more potential targets to attack. The increasing volume of data makes it harder to manage the entire data estate.

“The growth in data volumes should be examined critically. At minimum, organisations should make more use of shared data infrastructure and services so individual users can be discouraged from creating their own copies.”

-ENDS—

NOTES TO EDITORS

*Protecting Against Cyber Espionage

To arrange an interview or for further details regarding this release please contact Kelly Livesey in the Ovum press office on +44 0161 238 4081, or email klivesey@datamonitor.com

ABOUT OVUM

Ovum provides clients with independent and objective analysis that enables them to make better business and technology decisions. Our research draws upon over 400,000 interviews a year with business and technology, telecoms and sourcing decision-makers, giving Ovum and our clients unparalleled insight not only into business requirements but also the technology that organisations must support. Ovum is part of the Datamonitor group.

New threats dictate a different approach to security

Businesses will struggle to keep up with the growing list of threats such as cyber espionage unless they adopt a different approach to tackling them, according to Ovum.

In a new report*, the independent technology analyst states that there is an ever-increasing list of security threats to businesses and to keep up they must develop a new line of defence.

Ovum identifies cyber espionage and online fraud as among the most urgent security threats in a long list that companies need to tackle. Other priorities include compliance and the protection of intellectual property,

Graham Titterington, Ovum analyst and author of the report, said: “Security needs are growing fast. Businesses are facing a large-scale, well-organised and well-resourced criminal network which is intent on defrauding them and their customers.

“On top of this there is the growing threat of cyber espionage and the need to meet ever more stringent compliance requirements. In addition, while cloud services and virtualisation have many advantages, they also bring their own dangers. We believe this ever-growing list of new threats needs a new approach to security and the focus should now be on protecting assets rather than defending perimeters.”

According to the report, cyber espionage is now a major problem for business and is no longer just a concern for governments. Titterington said: “State sponsored cyber attacks are now a threat to the commercial world, which should be as concerned about them as governments are.”

Examples of state sponsored attacks on businesses include the strike against Google in China in early 2010. According to the report, there have been similar attacks on at least 34 US corporations and Fortune 500 companies are coming under constant attack.

According to Titterington, to deal with the ever-growing list of new security threats, businesses should adopt a risk management strategy that allows them to manage threats when they become a risk, rather than limiting their impact. He believes vendors have a key role to play and should ensure they are addressing the changing priorities of businesses in the products and services they provide.

He added: “Businesses are looking to vendors to provide leadership and advice to help them through the fast-moving security landscape. There are also significant new opportunities for vendors in securing new mobile devices such as tablet computers and smartphones. In addition, the range of emerging data and content services also represent a good opportunity for vendors.”

-ENDS—

NOTES TO EDITORS

*2011 Trends to watch: security

To arrange an interview or for further details regarding this release please contact Kelly Livesey in the Ovum press office on +44 0161 238 4081, or email klivesey@datamonitor.com

ABOUT OVUM

Ovum provides clients with independent and objective analysis that enables them to make better business and technology decisions. Our research draws upon over 400,000 interviews a year with business and technology, telecoms and sourcing decision-makers, giving Ovum and our clients unparalleled insight not only into business requirements but also the technology that organisations must support. Ovum is part of the Datamonitor group.

The study, which involved 150 local and national government agencies across Europe and North America being surveyed, found that security is the most significant barrier to Web 2.0.

When asked about the main obstacles to implementation of Web 2.0 technologies, 44% of respondents cited security concerns.  In Europe the figure was above 50%, revealing that security is an even greater concern here than in North America.

Jessica Hawkins, associate analyst at Ovum, said: “As agencies seek to improve collaborative outcomes across departments, governments are beginning to explore the capabilities of Web 2.0.

“While 16% of the agencies surveyed have already adopted Web 2.0, a further 42% have plans to implement it in future. However, data security continues to be a major barrier for some and indeed is by far the biggest obstacle.

“Fear around the security of data is a real issue and the risk can never be entirely eliminated. This may go some way to explaining why 41% of agencies have no plans to adopt Web 2.0 in the foreseeable future.”

Other obstacles cited include a lack of training resources (8%), restrictive regulations and a lack of ‘buy-in’ from senior decision-makers (both 5%).

Blogs, social networking and RSS feeds are the most popular Web 2.0 tools across the survey area. Some differences between Europe and North America exist, with European agencies seeing far greater take-up of wikis and blogs, whereas their North American counterparts are making more use of social networking.

Local government agencies are using social networking and blogging more often, while there is greater take-up of wikis among agencies at the national level. Citizens and recipients of services are the most frequently cited target at all levels.

Despite current reservations, Ovum expects to see increasing Web 2.0 activity at larger government agencies over the next 12 months as security fears are gradually overcome and fresh attempts are made to connect with citizens.

The independent technology analyst has warned in a new report* that cloud governance is suffering from the same flaws that are affecting other IT governance areas.

Ovum believes a new approach is needed as cloud computing, the latest in a series of disruptive trends affecting IT departments, cannot thrive without an effective governance framework that promotes and ensures coordination between IT teams.

Laurent Lachal, Ovum senior analyst and report author, said: “Most IT governance efforts are prompted by new regulations or by the need to keep up with uncontrolled SOA software services, virtual machines or public cloud services – whereby governance starts when the public cloud bill is much higher than expected.

“The use of public clouds is a good example of that. Despite growing interest in IT transitioning from managing technology to providing technology as a service, neither business nor IT executives have been particularly proactive in managing the various changes that such a transition requires at all levels.”

Cloud computing makes IT governance more difficult by introducing an additional layer of complexity that businesses need to control in order to make the most of its benefits. Cloud governance best practices – like cloud computing itself – are still in their infancy and Ovum believes the focus should, in future, be on enabling flexibility.

“Public as well as private clouds’ ability to make it faster and easier to procure, develop, deploy and hardware and software assets will make the biggest difference. Cost and quality of service issues are critical but cloud computing governance should not over emphasize them at the expense of enabling firms to strike the right balance between effectiveness and innovation”, said Lachal.

“Cloud governance is not just about control and keeping an eye on individuals to make sure that they behave as expected. It should also be about empowerment, based on a realignment of objectives and incentives to encourage behavioral change.”

Ovum does not expect a ‘big bang’ implementation of cloud governance, but rather a gradual build-up that provides an opportunity to launch and/or reinvigorate other governance efforts.

A global survey* by the independent technology analyst has found that organizations are contemplating reducing the outsourcing of security and other IT management applications.

Of more than 500 CIOs surveyed by Ovum, only 7% said they were considering outsourcing IT security over the next two years, down from 18% currently.

Rhonda Ascierto, senior analyst at Ovum, described the planned reduction in IT security outsourcing as one of the most striking trends revealed by the survey.

She said: “The main reason for this shift away from IT security outsourcing is most likely a lack of confidence. Organisations are now more subject to compliance considerations in the form of both formal external and internal policy-driven requirements, particularly in the wake of the US banking controversies and other financial scandals.

“Some may find it difficult to obtain a measurable security metric from an outsourced provider because security is often reported only after negative security occurrences. If security is not breached then there is nothing to report.

“The reversal of outsourcing security is also likely to be due to some organizations grappling for more control over their IT operations, of which security is a central aspect.”

Additionally, contractual clauses from outsourcers often do not give the quantitative assurance that organisations need or desire. This may be viewed as a problem with IT outsourcing in general, rather than IT security specifically, since any failings impact the whole business while the contract is limited to the aspects of the IT operation that are outsourced.

Ovum believes this may have contributed to growing unease about the security of outsourced IT in general, with IT security outsourcing simply being the first part of the spectrum to feel this change of mood.

Titled Data Governance in a Downturn, and authored by analysts Graham Titterington and Mike Davis, the report examines the risks and the opportunities and practical steps an enterprise should take to address them.

Data governance costs money and in a downturn, there is a pressure to reduce it. According to Ovum’s Mike Davis this is a mistake. “The long term cost of chaos is always greater than the cost of establishing order”, says Davis. “Data governance policies should be reviewed, and if necessary bolstered now. They will not be effective if introduced as a panic measure in the middle of a downsizing process. People need to know in advance what they have to do, and how they should do it.”

Data governance is an important part of risk management

The increased risk associated with the downturn comes mainly from internal factors, although external relationships can also be impacted by the loss of records of agreements and transactions, and by any deterioration in services for customers and partners.

“There is both a moral and a legal obligation to take care of information held by the organisation that belongs to others”, say co-author Graham Titterington. “Loss or leakage of information may cause a violation of legal or regulatory compliance that may have consequences beyond the immediate penalty imposed on the organisation.”

The risk of a process failure or a malicious act increases in a downturn

Policies are required to protect the organisation. For example there is the question of whether a redundant employee should leave immediately or complete their current tasks. Each case should be considered on its merits, for there is no “right” answer that covers all cases. Most employees have information that exists only in their head and it is a challenge to retain this information in the organisation.

When they do leave there should be a thorough “de-provisioning” process from access to corporate resources. Information on their PC and mobile devices should be brought back into corporate servers. Devices should be thoroughly “cleaned” before being re-assigned or disposed of. This process is more complicated if the device is the personal property of the employee. An ongoing legal agreement for the employee to return, delete and desist from using corporate information assets is likely to be the best protection that the organisation can achieve.

Even greater risks relate to the disposal of redundant servers and storage media. “A downturn causes rapid changes in the way in which an organisation operates, and there is a danger of the infrastructure developing in an unplanned way. Uncontrolled development leads to higher long term costs and endangers information integrity,” says Titterington.

Contracts with external service providers may also be terminated as part of this rationalisation. “It is important to ensure that all information is returned to the organisation and secured” says Mike Davis.

Think positively – Now is the time to review data governance

An economic downturn can be seen as both a threat and an opportunity for data governance in businesses – a threat due to the potential loss of the information assets of the organisation if it rationalises staff and locations, an opportunity to focus on those assets, to secure and consolidate them and be better prepared for the recovery.

Davis concludes:

“Addressing risk and being able to grasp the opportunity requires an information management strategy that values data governance. Considerable business value can be gained by identifying what information the organisation possesses, and where it can be found. Operational efficiency can be improved by bringing distributed information into the data centre, along with standardising information processes. “

London – Amounting to over $100 billion worldwide*, overall retail shrink from theft, crime and waste is having a hugely damaging impact on retailers profit margins. Over half the losses can be attributed to Point of sale (POS) shrink – loss incurred through cashier error, theft and fraudulent POS transactions. In a new report, ‘Using Business Intelligence and CCTV to Reduce Shrink in Retail (Strategic Focus)‘, independent market analyst Datamonitor predicts global retail shrinkage will climb to almost $115 billion by the end of 2009. With global retail sales growth in the tough economic climate expected to be small or even non-existent, technology such as data mining used in conjunction with CCTV is one of the key solutions being tipped when it comes to retailers investing in technology to combat shrink and improve the bottom line. Moreover their dual-use beyond loss prevention means they can also be utilized for marketing and merchandising purposes.

“Retailers have long focused their attention on customer merchandise theft. Efforts and big budgets have been spent on expensive closed circuit television (CCTV), digital recording, electronic security tagging, and alarms to prevent and monitor customer theft, says Christine Bardwell, retail technology analyst at Datamonitor and the report’s author. “But attentions are shifting. Over half of shrink can be attributed to internal loss, and general employee- and cashier-caused shrink, whether intentional or not, is a now a massive concern in most retail organizations.”

Process error and ‘sweethearting’ are the biggest causes of loss from internal shrink

The three biggest causes of loss at POS are cash theft, fraud and process error.

‘Sweethearting’, a form of theft involving collusion between an employee and customer, (usually a friend or family member), falls under all three categories, because it can involve cash theft and/or fraud and is very difficult to distinguish from process error. Retailers agree that process error and sweethearting combined, form the biggest part of loss incurred at the POS.

Technology can help identify many of the contributing factors of POS shrink

There are two technologies at the forefront of the fight against the major causes of shrink at the POS. Data mining is used to identify patterns that identify cash theft, fraud, and process errors, while CCTV provides visual evidence to separate actual shrink from false positives.

A data mining application is relatively inexpensive. It quickly highlights weaknesses and fraud in the system and has a huge deterrent effect: as stealing employees are caught, it will discourage others. It is also useful for picking up external crime scams such as organized refund fraud and credit card fraud, as data mining will quickly establish if a card has been cloned and is refunded at stores all over country.

A major advantage for using data mining rather than a simple exception reporting or business intelligence (BI) application is that retailers can monitor multiple aspects, such as the cashier, location, product, and credit card details. Using train of thought analysis, the system can re-write queries.

The benefits of these technologies can also be used for marketing and merchandising

Data mining and CCTV have uses that extend beyond loss prevention. Retailers can also benefit by using them for marketing and merchandising. Data mining can assist in providing data for overall performance and, more specifically, basket analysis and customer loyalty. Video analytics can aid marketing and merchandising. Staff training could benefit from CCTV footage. Internet protocol (IP) networks could help retailers realize further cost savings across the business.

British clothing brand Jaeger rolled out a loss prevention program with a view to cut fraud by a fifth. Shoplifting was only 30% of the problem: analysis estimated that internal theft accounted for 42% of losses, and process errors for 21%. In August 2008, Jaeger completed the implementation of a data mining system. Data from the POS and other sources such as the supply chain, product development and design are merged to allow Jaeger to identify sources of loss. The system enables the retailer to spot process errors and potential fraud, and is also being used for basket analysis. Jaeger expects to improve its bottom line by 2%.

Virgin Megastores in the US provides a good case study for the overall benefits of IP. The retailer has networked ‘Digital Listening Stations’ which allow customers to play album samples and search through the inventory in stock at that location. In addition, the IP WAN is connected to IP phones, servers, kiosks and POS registers. If there is a problem with any device, an alert is triggered.

Technology vendors will need to prove to retailers that the investment will deliver a quick return through a trial or working case studies before a retailer will part with their money.

Bardwell concludes:

“Retailers need to be efficient in dealing with shrink. Loss prevention (LP) will be a high priority in the coming years because of the hard business climate so there will be growing pressure on retailers to invest. Using technology to uncover internal fraud quickly will enable them to discipline or retrain the staff responsible without further damage to the bottom line.”

London - A competitive marketplace and changing customer habits are driving insurers in the US to invest in online sales strategies, says a new report by independent market analyst Datamonitor. By developing an online sales strategy, insurers are able to lower customer acquisition costs, as well as gain control of the customer relationship. Wide scale adoption, however, will be tempered by the fragmented regulatory regime and the powerful agent forces in the US. The report, “Catching Up: Online Direct Sales in US Personal Lines Insurance,” highlights several ways that US insurers with existing agent channels can develop a direct sales strategy.

“Because of the market conditions, insurers need a way to efficiently deliver their product and increase per customer profitability, which is possible with an online sales strategy,” says Jonathan Steiman, a Financial Services Technology Analyst with Datamonitor and the report’s author. “But perhaps even more importantly, insurers need to move online to meet the needs of an increasingly internet-centric consumer.”

Steiman warns, however, that an online sales strategy can be fraught with risk. “For insurers with agent forces, which are the majority of insurers, there is a real threat of agent backlash. Also, as more US insurers move online aggregators will begin swarming like sharks, threatening the very customer relationship insurers hoped to own with a direct online strategy,” Steiman says, referring to the broker-like websites that collect insurance quotes from a number of insurers.

Direct online sales can deliver improved financial performance

Today’s market is challenging. Insurers are facing a soft pricing environment, as well as poor investment income. The combination of these two factors is placing great pressure on the bottom line. To bolster their competitive position insurers need to adopt cost efficient sales and servicing strategies, as well as improve the customer relationship – both of which are possible with an online strategy.

Customer acquisition costs can be dramatically reduced with an online strategy, thanks in large part to low or no commissions. But nothing is free. Online direct sales require massive amounts of advertising; GEICO and Progressive Corp. being prime examples.

A successful online direct sales strategy enables insurers to own the customer relationship. Under the typical agent model, the agent owns the customer relationship, in that they manage nearly all interactions, while the insurer simply carries the risk. As a result, many insurers have struggled to manage their brand, drive cross- and up-sales and capture pertinent data. By selling direct to the consumer, insurers can conquer the policyholder relationship, leading to improved profitability.

A successful online strategy begins with the customer experience

Buying insurance can be a daunting task, which is why so many consumers find solace in agents. Insurers, therefore, must try to closely replicate the consultative nature of agents with their online offering. Insurers can achieve this two ways.

First, websites should be designed dynamically so that only the pertinent questions are asked. If, for example, an auto applicant indicates they will be the only person on the policy, then the section for “additional drivers” should not be presented. “It seems simple enough, but insurers have had the bad habit of simply digitizing existing paper forms,” says Steiman.

Second, security is a key concern for consumers. It seems like every day a financial services firm compromises their customer data. Insurers, who oftentimes possess financial as well as personal health information, must do their best to ensure data safety. For this reason, it is imperative that carriers with online strategies invest in verification and encryption technologies.

London - With the US Presidential Election fast approaching, there’s a lot of talk about candidates, policy platforms and running mates. But a subtext to all the hype is that come election day, how will everyone’s vote be counted? A report just published by independent market analyst Datamonitor says voting machine vendors must work to maintain public confidence in their products, and help combat negative perceptions of electronic voting. The report “Elections in the 21^st Century: The Rise of Electronic Voting”, predicts optical scan voting machines will continue to be widely adopted, and Internet voting, although its widespread implementation is a long way off, will act as a complement- rather than a replacement- to voting at the polling place.

“Elections in the 21^st century have become very technology-dependent processes and without a doubt, electronic voting brings a number of benefits to the election process”, says Ben Madgett, Public Sector Technology Analyst at Datamonitor, and the report’s author. “However, there has been a lot of negative press around the reliability and security of these systems. Going forward, vendors will need to take steps to build confidence in their systems, and counter the criticism coming from anti-voting machine advocates.”

Electronic voting has been adopted by countries around the world

Electronic voting machines have seen a rapid uptake in countries around the world. Western European countries such as the UK and Netherlands have used electronic voting systems in binding elections, Brazil and India have instituted electronic voting with relatively little controversy, and Estonia recently became the first country to allow its citizens to vote over the Internet.

Perhaps the most high profile uptake of electronic voting has been in the United States. After the 2000 US Presidential Election was fraught with controversy over poorly designed paper ballots which put voter intent into question, Congress passed legislation calling on states to upgrade their voting equipment. This gave rise, virtually overnight, to a market for electronic voting systems in the US.

Voting machines have provided a number of benefits to the election process. For example, direct recording electronic (DRE) machines can be equipped with audio or tactile devices which allow disabled citizens to cast ballots independently. In addition, they also help conduct elections in a more efficient and cost-effective manner, such as reducing the costs associated with printing ballots and hiring extra polling staff. “At the end of a long election day, a voting machine can spit out election tallies much quicker and more accurately than overworked and tired polling place staff, especially when they are counting complex ballots with multiple races by hand”, notes Madgett.

The Internet as a commonplace voting channel still has some way to go

Beyond the polling place, some countries have implemented binding Internet voting on a limited basis.

“Insofar as the Internet is concerned, it has been implemented in a number of jurisdictions, such as Estonia and Switzerland, and in the 2008 US election, a county in Florida is running a pilot for its military voters living abroad”, says Madgett. “It will however be some time before the Internet becomes a commonplace voting channel, and even then, it is likely to serve as an additional option- rather than a replacement- to voting at a local polling place.”

Vendors need to combat the perception that voting machines are vulnerable

In recent years, there has been somewhat of a backlash towards paperless touch screen systems, due to concerns about the lack of a verifiable record of the voter’s intention and there is still a lot of resistance among the public to the use of technology to count votes. “After some of the recent tests which demonstrated potential security vulnerabilities with touch screen systems, most election officials are proceeding cautiously,” notes Madgett.

Electronic voting machines are only as secure as the processes which govern their use. The report notes the key to a successful election is ensuring well-trained poll workers and election staff following well-established procedures, leading up to, on and after the election; a jurisdiction could use the most secure voting machines in the world, but without proper security procedures governing their use, they would be vulnerable to malicious behavior.

“As partners in ensuring the conduct of democratic elections, and with the industry at a pivotal stage, there is a very real need for vendors to work closely with election officials and computer scientists to ensure that the technology they are supplying is used in a secure manner”, says Madgett. “It’s in vendors’ best interests if they want to keep their voting machines out of the headlines for the wrong reasons. Democracy depends on transparency; the more transparent electronic voting becomes, the more likely it is to be adopted and embraced by the voting public.”

“Technology vendors and industry commentators have been appending the ‘2.0′ suffix to all manner of enterprise products and domains over the last year or so in an attempt to signify something new, innovative and user-focused”, says Richard Edwards, Information Management Practice Director at Butler Group and co-author of the report. “But the term ‘Web 2.0′ still remains the touchstone of the IT industry.”

The social forces driving change in the consumer computing world are also impacting the way business gets done

Butler Group believes that social software, collaboration, and real-time communications are now pivotal parts of the ‘Enterprise Web 2.0′ story, and that these in turn are acting as conduits for new cultural ideas and practices.

“The ideas, concepts, tools, and technologies behind consumer-oriented social networking software are being re-shaped and re-modelled for enterprise use,” says Mike Thompson, Butler Group’s Business Process Management Practice Director and contributor to the report.

Enterprise Web 2.0 focuses a great deal of attention on the user’s ‘experience’ or ‘joy of use’ – something of a novelty in enterprise IT these days

Rob Hailstone, Software Infrastructure Practice Director at Butler Group, explains that  ”Enterprise Web 2.0 is underpinned by the broader concept of Enterprise 2.0 – a paradigm shift relating to Service Oriented Architecture (SOA) and IT virtualisation.”

In some circles, the terms ‘Enterprise Web 2.0′ and ‘Enterprise 2.0′ are used interchangeably to describe the application of Web 2.0 ideas and technologies in the enterprise; however, Butler Group analysts believe that a clear distinction exists between the use of these two terms, and that this differentiation is important to maintain, as it enables more meaningful discussions to be had when examining the future role of IT within the business.

The failure to consider the impact of social enhancement technology on the performance of the enterprise is a big mistake

This in-depth report looks at the business issues that are forcing IT management to re-evaluate their strategies, and it explores some of the common trends that are emerging across a range of sectors and industries.

“The management of customer, employee, partner, and stakeholder relationships is vital for all organisations”, says Mark Blowers, Enterprise Architectures Practice Director at Butler Group. “The social aspects of Web 2.0 are mirrored in the corporate world of Enterprise Web 2.0. Workforce mobility and changing communication patterns are two more trends that are driving change at the infrastructure layer. As such, unified communication and collaboration requirements are an important part of Enterprise 2.0 strategies.”

Continued developments in Web browser technology have led to new Rich Internet Applications that offer Windows-like performance and behaviour

“It is clearly a mistake to think that Web 2.0 is all about technology, and likewise Enterprise Web 2.0; but it is also a mistake to dismiss the technology altogether”, says Michael Azoff, Senior Research Analyst at Butler Group and a major contributor to the report. “Selecting and implementing enterprise social software solutions, next-generation collaboration solutions, and Rich Internet Applications requires careful thought, consideration, and planning.”

Edwards sums-up Butler Group’s view saying:

“The driving force behind every aspect of Enterprise Web 2.0 is the experience of the end user, whether that be employee, customer, partner or stakeholder. This means that all organisations must reassess their IT strategies in view of this clear and distinct shift in direction.”

“Vendors should be wary in assuming that the recent downturn in IT budgets is a short lived phenomenon” says Daniel Okubo, technology analyst with Datamonitor and the report’s author. “For the past couple of years enterprises have been cutting back IT budget increases as they adopt a more cautious viewpoint of the global economy. More recently, the financial services market, as seen by the recent collapse of Lehman Brothers, is suffering from a crisis in confidence caused by a spate of write-downs and concerns over liquidity.”

The majority of enterprises will halt increases in 2009

Datamonitor has analyzed the responses of over 8000 IT decision makers between 2006 and 2008*. For the fourth consecutive year the number of enterprises planning to significantly increase their IT budget has fallen. This according to Datamonitor suggests there are deeper concerns in the IT market than just the recent economic problems.

Over 50% of respondents stated that they expect to keep their IT budget the same in 2009 as it was in 2008. 37% of the respondents expect to see their IT budget increase in 2009 and 13% are anticipating IT budget cuts. This appears to be a mixed message for technology vendors and service providers. It indicates that, on the whole, enterprises are not planning to decrease their IT expenditure despite the current economic climate.

The economic downturn is masking the trend of growth in IT budgets falling

However, when the results from previous surveys conducted by Datamonitor in 2006 and 2007 are analyzed, there is a noticeable downward trend in the proportion of enterprises planning to significantly increase (by 6% or more) their IT budget, from 20% in 2006 to under 10% in 2009. In Datamonitor’s view, this suggests growth in the amount spent by enterprises on IT is on the decline which would indicate that growth in the IT market overall is going to slow down.

“These results should be a warning sign for vendors”, says Okubo. “An analysis of forward looking statements in enterprises’ annual reports reveals deep concerns over future prospects as domestic demand in developed economies falls.”

Despite this, there are still enterprises planning to significantly increase their IT expenditure in 2009. Therefore it is still possible for vendors to experience solid growth if they target the right vertical markets with the correct market strategy.

Verticals are reacting differently to market conditions and the healthcare industry is planning significant spending increases in 2009

While the retail and manufacturing industries are suffering from high interest rates, falling domestic demand, inflation and higher commodity prices, the healthcare industry is planning significant spending increases in 2009, with 57% of respondents in the industry saying they plan to expand IT expenditure.

In Western Europe, the US and Japan, the aging “baby boom” generation is starting to increase demand on the health services, leading to rising costs for national and private health systems. In an attempt to address this, the healthcare industry is currently investing in new technologies which will enable them to cut costs in the long run and provide more efficient care.

Okubo concludes:

“In a global economy it is important to realize how vertical markets are performing because at times, an analysis at a country level can be misleading. Simply because some IT departments in a given country are planning budget decreases it is incorrect to assume that all industries within that country are suffering. Vendors that understand the nuances in domestic economies will be best positioned to exploit growth opportunities.”

The web, one of the most powerful tools for both promoting and undermining a company’s valuable corporate assets – brand and reputation, has also changed the entire nature of protecting them.  In a new report, ‘Brand protection services’, global advisory and consulting firm Ovum says the task will become even more challenging as Web 2.0 technology spreads. It points out that policy makers have yet to balance the legitimate concerns of organisations with respect for freedom of speech and truthful debate and organisations have to be proactive in protecting their online reputations.

“The fundamental problem is that there is no quality control of content on the Internet.” says Graham Titterington, Principle Analyst and information security specialist at Ovum and author of the report. “The corporate mindset has been slow to adapt to the changing world. New techniques are needed to detect attacks and defend reputation in the online world, even when the remedy requires conventional legal action.”

The Internet is now a major channel for the sale of fake branded goods, which in some cases results in danger to the customer. Copyright and trademark infringement are commonplace. Businesses have suffered real damage as a result of false allegations spread on the Internet. The annual revenue of online counterfeiting fraudsters has been estimated at $110 bn (source MarkMonitor).

Another aspect of online counterfeiting is represented by the misuse of a web domain name. The attacker sets up a website with a similar name to that of a legitimate organisation with the deliberate intention of deceiving visitors. It extends to virtual services offered by fraudsters on the Web purporting to be the legitimate organisation. The issue will become more prominent as the Web becomes more interactive.

A niche group of service providers has grown up to monitor the Internet for these offences and initiate enforcement action both at the ISP level and in the physical world. “For example MarkMonitor is a niche vendor offering services in domain management, online trademark protection, online channel monitoring, and anti-phishing. Larger IT vendors also offer protection services, such as IBM’s COBRA alerting service.”

However, according to Ovum countering bad publicity needs a more subtle approach. Debate has to be matched by a positive involvement in online discussion forums. The wider issues of reputation abuse need to be tackled by a combination of prevention, detection and reaction. The first stage in protection is the registration of trademarks, domain names and intellectual property. Web monitoring can detect early stages in the development of an attack strategy. More detailed detection requires the co-operation of ISPs in identifying the use of specific IP addresses and their ownership. Reaction includes, forensic analysis, the issuing of legal notices and follow up action, and the closure of web sites and IP addresses that are engaging in illegal activity.

The report concludes that this will provide the impetus for financial services institutions (FSIs) globally to re-evaluate their enterprise risk strategy and to leverage regulatory driven technology spend into operational risk based performance management in the search for competitive advantage.

Spend on operational risk related technology to top $1 billion by 2010

Operational risk is the risk of loss resulting from failed internal processes, systems and people, and external events. Datamonitor expects global spend by FSIs on operational risk technology to grow from $754m in 2007 to $1,056m in 2010, representing an average annual increase of almost 12%.

“With the proliferation of structured finance securities such as collateralized debt obligations (CDOs), the means to accurately value them due to a lack of depth in the market led to many valuations being ‘marked to model’, or ‘mark to fantasy’ as it turned out,” says Damian Shaw-Williams Financial Services Technology Senior Analyst with Datamonitor and the report’s author.

The modelling of exposure to CDOs also failed to address the highly leveraged nature of many funds, leaving many exposed to any downgrades, the effect of which is thus amplified and can lead to a further sell-off of assets, which can contribute to a downward price spiral.

According to Shaw-Williams, “a re-evaluation of the modelling tools used will provide the motivation to evaluate more powerful modelling platforms. In addition, comprehensive databases of underlying macro and historical data will increase the utility of common methodologies.”

Operational Risk Management – the next frontier

While FSIs have always needed to manage operational risks, the practice of operational risk management (ORM) as a separate discipline is still evolving. In recent years, many risk professionals have considered the discipline of ORM the ‘next frontier’ in risk management.

Relative to credit risk and market risk, operational risk is more difficult to define, quantify and manage. Nonetheless, the imperative to improve governance, risk and compliance processes at financial institutions has never been greater.

“More than ever, corporate directors, business executives and risk professionals realize that operational risk is critical not only for regulatory compliance but also for operational efficiency and effectiveness,” concludes Shaw-Williams.