During global slowdown or so called recession period, companies are forced to reconsider their investments in IT infrastructure. It is a well known fact that, companies start exploring the ways to cut overall costs in such times. Undoubtedly, such actions are required to sustain your business in the tuff times.
On the basis of current market trends and various business forecasts, The investment decision makers have to re-consider the following-
- What’s a must-have?
- What can be delayed?
- What can be dropped?
But from a GRC (Governance, Risk Management & Compliance) perspective, the security and compliance continues to be a must have. Security can not be delayed or dropped at all. Whenever people neglected security the probability of damage and losses increased and the recent credit card frauds and various personal data theft incidents are a few examples.
My opinion is that, In the times of crisis the security should be on your top priority. The trend for criminal actions doesn’t go down due to a recession. On the contrary, your competitors take a strong line on your assets and try to evade any useful confidential information. Industrial espionage is a bigger threat than ever. Even your employees will try to take whatever they can in order to foster their advantage in the market. Therefore, I recommend investing in GRC as a must-must-have especially in times of the crisis.
Thanks for a short blog on this topic. This is really motivating. I like the way you post information in short blogs, keep it up Amol.
these are some new risks so again they have tp consider new strategies if these were not already considered.
But again will one be ready to put in the savings into GRC at this time is a big question
I believe the problem in GRC has never been policy. It has been the implementation weaknesses that have given rise to the current crisis in the markets as well as confidence. There are adequate tools and well developed ones at that, but then the biggest issue comes from the fact that the ones who manage the systems are the ones who specify the requirements – a clear case of conflict of interests. And that is at the root of all GRC failures.