British Airways IT failure highlights that IT infrastructure is a board level responsibility.
A business such as British Airways (BA) should not have experienced the catastrophic IT failure that caused absolute chaos for thousands of passengers last weekend. A multinational business that relies on IT infrastructure 24 hours a day, 365 days of the year should know that any IT failure would result in massive interruption and huge financial consequences. The interruption affected almost 75,000 customers over three days and the financial consequences are significant with BA facing a compensation bill of over £100M.
The CEO, Alex Cruz, in a number of press conferences appears to have only just now realised that in this digital age:
- you cannot rely on old systems;
- you must make regular upgrades to hardware;
- you need strong IT business continuity plans in place and;
- you must ensure that local data centres have constant support and redundancies in the event of downtime.
Mr. Cruz could not even say that this outage was a surprise, given that this is the fourth IT incident that BA has suffered in the last 10 months, perhaps indicating that there is a deeper inherent problem at BA and its parent company IAG.
The resulting media storm that has affected BA and its CEO should be a reminder to C-Level executives that IT infrastructure and cyber security is a board level responsibility. When IT failures or cyber security attacks have occurred in the past, many CEO’s have failed to address the media in ways that convey an appreciation of what has truly occurred. By way of example of the consequences of a PR failure, the CEO of Talk Talk, Dido Harding, stepped down 18 months after a cyber-attack affected tens of thousands of the company’s customers. It could be argued that the BA CEO has also had a similar PR hiccup, first blaming a power surge and then blaming a communications hardware failure. It will be interesting to see how he recovers from this incident.
Inadequate IT governance can also potentially wipe millions off a company’s valuation, as BA found out to its cost. It also highlights the need for the board to take IT governance more seriously. As was seen in the recent WannaCry attack, failure to upgrade systems can result in increasing operational crises.
Structured IT risk management and comprehensive cyber security practices, combined with the procurement of an insurance policy that protects a business’s multi-faceted exposure, is an prerequisite for all organisations in the current digital environment.
If you would like to discuss further please contact the Safeonline team: Cyber@safeonline.com