Valuing the Information Asset

Whilst information and data now underpin almost all economic activity, there is no consensus on how information and data should be valued. In securing information assets, the security industry largely adopts a risk-based approach, focused on the cost to the business of loss or harm to information assets. The question we set out to research was whether security professionals are undervaluing the information asset by focusing too much on the cost of its loss, at the expense of its wider benefits to a business or organisation.

IAAC and the Royal Academy of Engineering brought together security practitioners with a wide range of stakeholders from the finance, accountancy, insurance, engineering and business communities, to engage in this study. This report draws on discussion at workshops, supplemented by desk-based investigation.

To access the report please link on the link below