Mon 6 Aug 2007
Acceptible Risk
Posted by jtmcarthur under New Markets, Product development, Security, Technology
Comments Off on Acceptible Risk
Last month, at the request of a friend at Genesis Partners, I facilitated a roundtable discussion with Chief Security Officers (CSOs) and Chief Information Officers (CIOs) from a few major global companies. The assembled group was part of a technology advisory council that the firm leverages to help guide them in investment decisions. There’s nothing like a few generals in the trenches to tell you what the “real world” is like.
Prior to the roundtable discussion there was a brief introduction by Dr. Henry Kressel, who has just written a book entitled “Competing for the Future: How Digital Innovations are Changing the World.” He closed his remarks with a cautionary comment that those of us who live in the United States need to prepare emotionally for a world in which our children are substantially worse off than we. The premise is founded in part, at least, on his accumulated evidence that digital innovation is moving rapidly away from its previous center of concentration in the United States. I’m not sure if it’s some sort of accelerated innovation entropy, but there’s little doubt that very innovative technologies are now coming out of countries and regions that had previously contributed very little to the digital revolution.
The comment seemed to upset one participant a great deal, and we ended up spending much of the time during the roundtable discussion focused on regulations and risk management and their impact on innovation. It was a logical topic given the number of CSOs at the tables. The basic question that the group discussed was whether CSOs, businesses, and the government, are too focused on risk elimination, rather than risk management, and whether the current risk-elimination mentality actually introduces new and greater risks to the companies. So the conversation between the CSO and the CEO might go something like this:
CSO: “I have good news to report. All of our information is secure, there is absolutely no risk that a disgruntled employee, a hacker, or a thief, can get access to any of our information.”
CEO: “Unfortunately our employees can’t do their work, and our clients can’t seem to find us.”
It’s popular to believe, then, that innovation will move to countries and regions that have fewer regulations, fewer restrictions, and less oversight. That’s been the argument by many companies to encourage a reduction in state and federal regulations. “The reason I can’t compete is because my competitors don’t have to follow all of the regulations I have to follow.”
There is at least some anecdotal and perhaps temporary truth to the claim, but if we accept the premise that the world is flat, or getting flatter, and that the economy is global, then ultimately I expect risk tolerance and risk-management practices will regress towards a global mean. I think one of the best examples comes out of the food industry. Much of the world’s food production is moving to developing countries, and many of these countries have proportionally fewer resources to apply to enforcement of production quality and food safety regulations than Western Europe and the United States. Witness the avian flu and tainted food product scares that have recently come out of rapidly developing Asian economies. Denial of risk can only last so long and developing countries will have to address product quality, product safety, information security, software piracy, and privacy issues, not only for the Western markets, but also for their own domestic markets. In a world of near-instant access to information, high risk will ultimately become as unacceptable in developing countries as it is in the U.S.
No Responses to “ Acceptible Risk ”
Sorry, comments for this entry are closed at this time.