Did you know only approximately one in 200, or about 0.5%, of high school senior boys playing interscholastic baseball will eventually be drafted by an MLB team? That includes all levels of professional baseball. Only a small percentage of players drafted actually make it to the Major Leagues. The competition to make it to the Majors is extremely fierce. Players have to stay on top of their game for years to make it. It takes years of dedication in the batting cages to hone your swing.
Once you make it to the Majors, getting into the rotation and making it to the plate is another challenge. Then, hitting with any consistency is your next obstacle. Hitting a home run results in another round of small probabilities. What about a grand slam? With an average of 135 or so Grand Slams per year, 30 teams, playing 162 games with an average of 34 at bats per game puts the odds of hitting a grand slam around 1:1200. When you compound those odds, the chance any person will make it to the Major Leagues and capture one of the signature highlight moments in sports (the Grand Slam) is miniscule. As it is famously said though - even if the odds are one in a million, there is still that one chance.
Risk works pretty much like this too. Even if you implement control after control, layer upon layer of defense, inspect every packet flying across your network, watch every transaction - there is always that ONE chance that something slips through. And the impact of this one in a million risk can be tremendous in some cases. Did you know that June 4th, 2017 is known as the "grandest day in Major League Baseball"? Seven grand slams were hit in one day! What are the odds of that happening? More importantly though, it DID happen.
Probability in risk is part of the equation we all must consider. Today, risks pop up at the most inopportune times (like that mediocre utility infielder pinch hitting in the late innings). Organizations today must be prepared for all types of pitches. The hard fast ball of the motivated and tenacious security threat. The curve ball of insider threats and fraud. The change-up from the regulators. I may be belaboring the metaphor, but you get the picture. Managing risk - like making it to the Major Leagues - is an objective that requires skills, hard work, a vision and daily persistence.
Why is all of this talk about how hard it is to make it to the Majors, and then the odds of hitting a grand slam important? While RSA® Archer didn't hit seven grand slams we did hit the "Business Risk Grand Slam".
Check out our most recent announcement regarding Gartner's latest rounds of Magic Quadrants.