And while the price of storage technology has come down in recent years, backing up mountains of data can be an expensive proposition. Some companies, in fact, are choosing to discard data after a short time. Haynsworth Baldwin Johnson & Greaves LLP, a Greenville, South Carolinabased law firm, sends new or changed files to a co-location site each night. After 14 days, earlier versions of files get deleted. Skip Lohmeyer, information systems director at the firm, says he’s able to retrieve files, which come across in an encrypted format, using a password and a built-in decryption code.
The cost: $4,400 a month to store 140 gigabytes of compressed data. “When you look at it from a mid-to small-company perspective, it may seem expensive,” grants Lohmeyer. “But [the reality is], you’re going to have a disaster.”
The growing number of nasty computer viruses almost guarantees it. Ten years ago, few corporate risk managers and contingency planners worried much about malicious code. “People thinking about disaster recovery were thinking about a catastrophic fire,” says AMR’s Travis. “They weren’t thinking about viruses.”
They are now. Peter Tippett, chief technology officer at Herndon, Virginia-based TruSecure Corp.’s ICSA Labs, reckons that the average cost to corporations from viruses and worms has been growing at a 70 percent annual clip for the past seven years.
In fact, Tippett claims that well over a third of U.S. companies had moderate to major damage from last year’s Slammer attack. The worm, which essentially swamped corporate networks with traffic, knocked out a portion of the ATM machines in the United States. Continental Airlines went to manual reservations and check-in, and flights were canceled or delayed. All told, Trend Micro Inc. estimates that malicious code cost global businesses $55 billion in damages in 2003.
That number is likely to go up in coming years. It’s not overly surprising, therefore, that CFOs are giving the OK for more spending on network security. And while few finance chiefs are going down into the trenches, some are at least helping draw up the battle plans to stave off disaster. Adams of Edgar Online says he now has periodic discussions about viruses, Trojan horses, and worms with the company’s operational staff. “It’s the CEO’s job to run the company,” Adams says. “It’s the CFO’s job to make sure there’s a company to run.”
John Goff is technology editor at CFO.
The Long, Long Trailer
Mention Calgary, the city of 400,000 in western Canada, and civil unrest doesn’t spring to mind. This quiet outpost in Alberta is better known for the Saddledome, all-season skiing, and the annual rodeo roundup called the Stampede.
But in 2002, the prospect of civil unrest was worrying managers at Calgary-based Canadian Pacific Railway. At the time, Calgary was getting ready to host a Group of 8 summit, and reports began circulating that protesters were going to try to shut down parts of the city. Recalls Paul Cammack, a manager of the railroad’s contingency-planning management group: “We were concerned employees might not be able to get into the building.”