24 January 2016

Adverse Consequences: Enabling Digital Trust of Global Enterprises...

In the World Economic Forum 2016 - Global Risks Report, there are several insights and alarms that Operational Risk Management (ORM) professionals and the Board of Directors are quickly analyzing.  This years Davos, Switzerland Annual Meeting and report has the underlying theme of the "Fourth Industrial Revolution".

Our first insight, is the rise in "Cyber Dependency" that is called out in the "Risk-Trends" Interconnections Map.  It is tied directly to the following technological "Global Risks" ranked by highest impact:
  1. Cyberattacks
  2. Critical Information Infrastructure Breakdown
  3. Adverse Consequences of Technological Advances
  4. Data Fraud or Theft
#1 makes sense in the Upper Right Quadrant of High Impact and High Likelihood.  The alarms however are going off, with #2 and #3 for several reasons.  First, they are in the Upper Left Quadrant of "High Impact" and "Low Likelihood".  Why does this create concern?

The Upper Left Quadrant has risks that some of the most experienced OPS Risk professionals will pay attention to the most.  This is the place that organizations usually ignore with people and resources and where enterprises are caught off guard or blindsided by asymmetric threats.  These are the risks that no one has really exercised for and is not actively developing proactive hypotheses, to address in a real-time crisis.

There are two other risks shared in this same Upper Left Quadrant in 2016:
  • Weapons of Mass Destruction
  • Spread of Infectious Diseases
These are risks that nation states spend hundreds of millions of dollars each year collecting intelligence on and devoting substantial resources to try and keep the likelihood of these occurring, as low as humanly possible.  The impact on humanity is far to great not to devote attention to these, yet the private sector is rarely involved.

Now, let's consider the other two in the same quadrant, slightly less in impact and just a little higher in likelihood.  What does each really mean as a global risk?

"Critical Information Infrastructure Breakdown": "Cyber dependency increases vulnerability to outage of critical information infrastructure (e.g. internet, satellites, etc.) and networks causing widespread disruption.

"Adverse Consequences of Technological Advances"
:   Intended or unintended adverse consequences of technological advances such as artificial intelligence, geo-engineering and synthetic biology causing human, environmental and economic damage. 
  • global risk is an uncertain event or condition that, if it occurs, can cause significant negative impact for several countries or industries within the next 10 years.
  • global trend is a long-term pattern that is currently taking place and that could contribute to amplifying global risks and/or altering the relationship between them.
Although organizations may recognize the benefit of cyber technologies for their bottom lines, they may not be fully internalizing cyber security risks and making the appropriate level of investment to enhance operational risk management and strengthen organizational resilience. Particular attention is needed in two areas that are so far under-protected: mobile internet and machine-to-machine connections. It is vital to integrate physical and cyber management, strengthen resilience leadership and organizational and business processes, and leverage supporting technologies. (Page 23 of WEF_GRR16)
The combination of the two aforementioned technological global risks, are almost invisible to the major stakeholders of our vital organizations and governments.  This is because the focus on "Cyberattacks" and "Data Fraud or Theft" has dominated the news cycles.  It makes sense.  However, we must consider this:
As is often the case, however, public-private partnership can be held back by lack of trust and misaligned incentives. Businesses may fear exposing their data and practices to competitors or to law enforcement agencies. And the private sector’s primary interest in rapid recovery and continuity of business operations may not align with the public sector’s primary interest in apprehending and prosecuting perpetrators. In addition, governments need to balance their investments in cyber offensive weapons and efforts to enhance capabilities for cybersecurity and defence. (Page 83 of WEF GRR16)
 Cyber Dependency.  A long-term pattern that is currently taking place that could contribute to amplifying global risks and/or altering the relationship between them.  The underlying root cause of the disruption and the perceived risks are focused on the integrity of "Digital Trust"and the continuity of "Trust Decisions":

  • Machine-to-Machine
  • Person-to-Person
  • Business-to-Business
  • Government-to-Government
  • Country-to-Country

Business Executives and Leaders of Nation States, have one thing in common.  Their employees and their citizens are evermore connected by mobile digital devices.  Their economic engines of banking, finance and trading are dependent upon the confidentiality, integrity and assurance of data.  The abilities and the opportunities by the mass of humanity to continuously leverage their personal digital devices, is simultaneously a global risk.  So what?

You see, the 2016 Global Risks Report is flawed.  It relies on an outdated and soon to be irrelevant set of four Quadrants.  The axis of Impact and Likelihood, are no longer capable of addressing risk management and the human perceptions of both.  On the planet Earth, in the Internet ecosystem of 500 Billion computing machines, lies the answer to our future quest:

Enabling Digital Trust of Global Enterprises...

No comments:

Post a Comment