Information security assured on centralised systems through application of principles previously established for paper-based systems. The advent of personal computing and distributed computing potentially turned that model upside down. It seems that the eagerness of organisations for encouraging technology (Availability part of the CIA acronym) seemed to take precedence over the finer meaning of Confidentiality and Integrity, in spite of (in the UK, at least) changes to legislation. The huge increase in portable data storage capacities ensured that what may have been perceived as a minor irritant in the 1980s became a potential nightmare scenario by 2007, which caused two government reports to report “systemic failure”. This paper looks at the development of end-user computing, and suggests that the problem occurred because of a lack of information risk assessment over many years