Many IT decision makers look at assets as hardware, but really they should consider why they have the hardware in the first place.
These decision makers remember the very significant investments they made in servers, PCs, firewalls, and so on in order to deploy that new CRM or Electronic Medical Records System. They think of the tens of thousands of dollars they spent just to get their system functional. It’s understandable then that the memory of this investment makes many decision makers forget why they invest in these systems in the first place, which is to gather and manipulate data for critical organizational functions. So the real asset they are protecting is that data.