Additionally, the creation and rollout of an ERM strategy and adherence to a voluntary governance/certification framework (such as / , etc.) appear to both, substantially lessen the chance of occurrence and the total cost of a dealing with a cyber crime incident.

Why you ask? Many companies seem to have a cavalier or complacent attitude, at least unofficially, something akin to, "Our security is already good enough;" "We are already better than the competition;" "Those requirements don't pertain to us" etc. These hardening of the attitudes are dead wrong on several counts!

What about your company? Also, know that compliant (with whatever standard or regulation) does not necessarily mean secure! IT Risk Management (InfoSec, BC / DR, Compliance, Governance), like ERM, is a continuous improvement program, not merely an "achieve it once and forget it" project. Then there is the mixed blessing of social networking, the newest avenue for potential business growth and nefarious conduct. Some analysts estimate that 30 percent of corporate bandwidth is consumed by .

Some proponents argue that social networks such as function as agents of business outreach. Some IT vendor support is now delivered by social media sites. In addition, public relations and marketing teams are finding value in social networking to deliver promotions. YouTube is becoming a more mainstream platform for companies' public relations efforts.