McAfee sponsored an international team who surveyed more than 1,000 senior IT decision makers in the US, UK, Japan, China, India, Brazil and the Middle East regarding how they currently protect their companies' digital data assets and intellectual property, and performed what appears to be relatively broad research on a range of survey-related topics.
The results of their work were released a couple of weeks ago under the title “Unsecured Economies.”
They start with an assumption that “a distributed network of unsecured economies has emerged with the globalization of many organizations, leaving informational assets even more at risk to theft and misuse.”
The report describes their findings about cybercrime risks for key global players, along with their conclusions about the need for organizations to take a more holistic approach to vulnerability management and risk mitigation in this rapidly-evolving global business climate.
I was recently thinking about how to consider information and technology infrastructure and operations risks associated with doing financial services business in China. With that in mind, I scanned the 36-page McAfee report for its findings concerning China, and found the following interesting statements:
- More than 60 percent of Chinese respondents cited “safer storage available elsewhere” as a reason for storing or processing sensitive data outside of their home country [page 6].
- 33% of Chinese respondents reported spending 20% or more of their IT budgets on security [page 6].
- Societal protection (enforcement and other actions) of information assets is weaker in (India and) China than in developed countries [page 6].
- Even as the threats increase, Chinese respondents said that investments to protect intellectual property will be decreased by 14% because of the financial downturn [page 7].
- Respondents reported losing intellectual property worth an average of $7.2 million US in China [page 7].
- 51% of respondents stated that the threat level in China is high — more than any other country [page 12].
- 62% of U.S. respondents identified China as the greatest threat to information security [page 13].
- Pakistan, China and Russia, in that order, were also perceived to have the worst reputations for pursuing or investigating security incidents. Respondents cited corruption among law enforcement and the legal systems as well as poor skills among law enforcement as top reasons for the reputation rating [page 13].
- Twenty-six percent of respondents had purposely avoided storing and/or processing data in China. Respondents pointed to both the lack of privacy and intellectual property protection as the primary reasons why China’s threat to sensitive data was so high [pages 14 and 15].
- Like many developing economies, China’s growth has far outpaced its ability to create and enforce legislation or—even more importantly—cultural attitudes toward protecting digital privacy and sensitive data [page 14].
- “China is a large developing nation,” said Dr. Timothy J. Shimeall of Carnegie Mellon University. “They are people rich but not resource rich. They are eager to develop the economy. The cheapest way, not necessarily the ethical way, is to indulge in industrial espionage. This is a concern with respect to other developing countries like India and Brazil also” [page 14].
- As companies in established economies invest millions, if not billions of dollars in research and development (R&D) activities, the dominant expectation has been that the investing parties should reap the rewards of any resultant success in the marketplace. However, not all cultures embrace this philosophy, particularly in emerging economies such as China and Brazil [page 21].
- As China and Russia’s economies soften, there will be even more pressure to “appropriate” intellectual property as a means to continue economic growth. Organized crime and state-sponsored groups in both Russia and China will continuously seek out new and profitable targets [page 23].
I understand that this is only one source, and may say as much or more about the author’s biases than it does about the “real” risks of doing business in China. But they, and McAfee, must have some strong data, or strong feelings, to generate such a grim risk report… What do you think?
I will check some other sources and report back on what I find. I will also summarize what the McAfee report has to say about India and Brazil in a future post.
If you have additional resources, data, or experience, please let me know.