Every company should plan for information system security and IT governance, but technology companies bear an extra burden: high expectations from partners and the public. The thinking seems to be that if anyone should have a handle on cyber security, it’s companies that make technology their business. The idea makes sense, but technology companies are no more immune to cyber threats than any other industry.

As a matter of fact, the value of the intellectual property and their open embrace of technology solutions make technology companies even more vulnerable. There’s no reason that well-established operating procedures and strong cyber defenses cannot exist alongside innovation. Risk assessment draws on the knowledge and priorities of multiple stakeholders to develop a mitigation plan that aligns with business goals. Governance is an opportunity to review IT policies and procedures to make sure they are efficient and reduce the opportunity for errors.