VIEW 29
Assets: Industry variations
Cyber security assets do not only vary with type as in the Parkerian Hexad (View #28) but also across industries. That is to say that the most important assets will be different from one industry to another. The diagram to the right gives a very simplistic illustration of this. The blue circles in the diagram are assets that require protection arranged in the form of a crude corporate model. The vertical axis represents the internal vs external divide. lT systems are focused inwards while reputation is an asset determined externally by the marketplace. Likewise, on the horizontal axis, products sit upstream of customer records which are downstream. In the centre, with a grim inevitability, sits finance.
On the right-hand side of this diagram, there are four contrasting types of business. The most important and least important assets for each are shaded pink and green respectively:
Commercial law firm: If IT systems were to go down for a day or two in a law firm, it would be inconvenient but not catastrophic. It would still be possible to conduct business the old-fashioned way with a phone, a pen and legal pad. Law firms, however, are very vulnerable to reputational risk. Mossack Fonseca, a Panamanian law firm, went out of business in 2018 following a data breach that leaked details of widespread tax evasion by its numerous secretive clients. If a law firm loses the trust of is clients, it will cease to be. So reputation is coloured pink and systems coloured green.
Grommet Manufacturer: In a mirror image of a law firm, systems are vital but reputation for a B2B company is less of an issue. System failure will halt production, maybe for months; a significant problem. Reputational risk is relatively low. As an industrial parts supplier they will have little brand recognition from consumers and their handful of main industrial customers can be appeased in person.
Dental practice: Dentists sit on a large database of sensitive health records which would be extremely damaging if breached. Their core product, essentially an activity requiring precise manual work, is not highly IT dependent. A dentist can still drill and fill your teeth without a computer. So, customer records are pink and product is green.
Wedding photographer: If paid in cash on a jobbing basis, a wedding photographer may not need a sophisticated accounting system. The product, however, if the photos are all digital is completely dependent on an IT system. Losing a hard drive and its backups would be catastrophic, destroying the photographer’s life’s work. So product is pink and finance is green.
This oversimplified model is only intended as a crude illustration of the degree of variation across industry sectors. You will require a proper in-depth analysis of your particular requirements from an appropriately qualified professional.
