The question of what to do with unused IT equipment is a rapidly growing security problem for many companies hit by the recession and the accompanying layoffs. Countless desktops, laptops, servers and hand-held devices are lying around -- often with sensitive data on them -- gathering dust in cubicles, in stockrooms or on vacant desks. At the same time, software licenses, notoriously easy to lose track of, are also piling up. Many IT functions are under funded as enterprises drive for improved productivity and expense reductions. Decisions are made on in a spirit of making do. For example, Since no one is using the abandoned offices and equipment there is no risk...
When an organization is in survival mode, resources are being husbanded and everyone's working flat out, it takes a strength and leadership to say "no, not good enough" to something that is apparently working well. It is also difficult to justify more spending with no direct effect on revenues, and to demonstrate that something that seems optional is in fact required.
Responsibility for security and disaster recovery planning cannot be abdicated. It is hard enough for an organization to recover from a serious security breach at the best of times. These are not the best of times. Argued from the context of minimizing risk, the value of doing it right is clear. Make sure you're equipped to win that argument.