The news that Sony Pictures had been warned of vulnerabilities in its network security, prior to the recent and well-publicised hack of its systems, comes the same weekend that in the UK there is news that the Civil Aviation Authority had warned in advance of last week's air traffic control "glitch" that systems were not resilient enough to cope with the disruption that might be caused in such a situation.

The impact of such news, coming as it always will on top of an already difficult and credibility-damaging situation, is to compound the reputational harm to the organisation in question. The need for security audits, the testing of disaster-recovery plans and other systems resilience, are all now well understood by most large corporates. But it will never reflect well on any organisation, that it has received feedback from such exercises that suggest the need for improvement, and has failed to act on those warnings.