Full Disclosure

Eric Krell GOVERNANCE, RISK & COMPLIANCE: GRC expert Eric Krell supplies the Business Finance community...more

Risk Chat: What Does 2012 Information Risk Management Look Like?

In my last post, I discussed the contentious and confusing nature of cyber risks. In this post, I check in with an expert, Identity Theft 911 Senior Vice President of Data Risk Management Brian McGinley, to get a read on the most important facets of information security in the coming year. McGinley’s firm is a provider of organizational data risk management services.


Eric Krell: When it comes to budget considerations for 2012, what should risk managers and information security personnel keep in mind?


Brian McGinley: Data risk management should be a front-and-center consideration for 2012. We are chasing cybercrime and are behind the curve in terms of protection and countermeasures. We unfortunately too often use an investment model of “too little — too late” and our organizations, customers and citizens are paying a high price for it. The cyber-threats are getting more and more insidious. What used to be a possibility is now a probability when it comes to the risk of damaging information security events and breaches impacting your organization. What you don’t know can and will hurt you — it is no longer a matter of “if” but rather a matter of “when.”

Cyber Risk Management and Misinformation

A few weeks ago I got snookered on the cyber-risk management front.


I read a Washington Post article — a piece of reportage describing yet another disturbing cyber security breach — that my local paper had picked up. Only this particular article was far more disturbing than I expected: Russian hackers had caused a water pump in an Illinois utility to malfunction through means similar to those the Stuxnet worm employed to monkey-wrench (for a year or two, anyway) Iran’s nuclear capabilities. This type of “kinetic cyberattack” was the first ever on U.S. soil — at least the first ever to be reported.

‘Bounty Hunter’ is a Bogus Term

I’m seeing far too many instances of the phrase “corporate bounty hunter” used in conjunction with the whistleblower provisions of Dodd-Frank.


The phrase suggests that the law’s purpose is to provide incentives to shady characters to falsely claim that their companies are misbehaving in order to collect hefty payouts for blowing the whistle.


Come on.

Customer Loyalty Risk on the Rise

Which one of these risks doesn’t belong with the others?

A) Regulatory risk

B) Supply chain risk

C) Privacy and information security risk

D) Commodity price risk

E) Geopolitical risk

F) Customer loyalty risk


If you guessed “F,” you get an “A.” You also might be surprised – as I was – to learn that one of the world’s leading authorities on risk identifies customer loyalty as the very top business challenge that will influence the board of directors’ agenda in 2012.


Risk consulting firm Protiviti just identified the top business challenges and audit committee items for 2012; interestingly, the list is based on experience with and insights from a broad range of global organizations and their boards.

M&A (and Related) Risks in China

In my previous entry I mentioned a new study on M&A success factors. Since the pace of M&A activity is intensifying in China, I checked in with Tero Kosonen, the managing director of MPS China (BPI Group’s China-based firm), who this week conducted a presentation, “Managing in China,” in Chicago.


M&A activity is soaring in China. A record 4,251 announced transactions, the combination of which were valued at more than $200 billion, were completed in the 2010 calendar year. Compared to 2009, this activity represents a 16 percent increase in the number of deals and a 27 percent increase in the combined value of deals.


“Foreign companies are buying out their old [China] joint venture partners or acquiring Chinese companies,” Kosonen explains. “These processes include significant risks and oftentimes the due diligence is only done for finance, legal and operations, but not for HR. Many times these target companies have been run in a totally different management style than in the West. Therefore, the management should be carefully assessed already during the due diligence process.”
