Protecting Intangible Assets
As recently as 1982, tangible equipment such as buildings, facilities, furniture, computer hardware, etc. comprised 62% of an organization's business value. Unfortunately, large buildings and facilities were expensive to acquire and maintain. Over time, organizations adopted a new business model, relying on technology to deliver products and services at a lower cost.
By reworking their business model, firms automated many of their manual processes and migrated from manufacturing plants and equipment to the electronic delivery of products and services. This transition shifted organization value from tangible to intangible assets. By 2002, tangible assets were only 12% of an average company's market value. 88% of the value of the organization was attributed to intangible assets such as intellectual property and "information assets".
With the change in business model from tangible equipment to "information assets", organizations experienced a new type of business risk, electronic threats. Electronic threats included viruses, hackers, data theft, and many others. Without proper protection, organizations found that their market value was at risk. Over time, organizations implemented security in a reactive manner, first installing anti-virus software and later implementing firewalls as Internet risks increased. Unfortunately, this ad-hoc approach wasn't sufficient and many firms experienced downtime, lost employee efficiency, and reduced market value.
Leading organizations took a different approach, realizing that security needed to be implemented according to the value of their intangible assets. Since many threats were hidden, a proactive approach of using risk assessments helped these organizations identify hidden threats, implement steps to manage these risks, and eliminate or reduce threats to acceptable levels.
Not all risks are created equal and risk assessments help firms reduce their costs while increasing protection of their “information assets”.