Securing the Digital World

The East India Company, Rockefeller and Risk

Oct 09, 2019 | by Steve Schlarman

Architecting a business has taken many forms over the last few centuries. We can trace the concept of a company, as we think of it today, back to trading companies, like the East India Company or the Hudson’s Bay Company, that were chartered under 17th-century monarchs. Two hundred or so years later, the industrial revolution spurred the massive trusts of the steel, railroad and oil industries. These businesses were built on ore from the ground, transportation from one location to another, factories and physical labor. The idea of starting a company was typically limited to a few special individuals—those with major financial backing or the moxie to dream big. But one thing was common for everyone looking to start a business venture in the past: They were limited to the physical world of work.

Not so today. The digital world provides seemingly infinite ways for entrepreneurs to realize their visions. From social media and viral advertising to IoT and serverless platforms, the technology available today has lowered the barriers to entry for aspiring entrepreneurs. The ability to dream big is no longer bound by the physical world. It’s as if you no longer have to build a house in three dimensions. The digital world has given us a fourth dimension.

Digital initiatives are changing how companies operate today and how they dream about tomorrow. What would the captains of the East India Company have done with modern navigation? What would Rockefeller have accomplished for his Standard Oil Company using today’s computing capabilities? Pretty much what we see happening today: an explosion of innovation fueled by digital transformation. And today, just as there were for those captains seeking fortune on uncharted seas, there are risks that need to be considered and rewards to be discovered.

There are two ways to think about this risk/reward equation. The first method involves determining the negative effects of a risk, and in general it’s the default mode of operation for many risk professionals. The loss exposure of an event, such as a data breach or major IT outage, provides a measure of what is at stake if things go wrong. The other method focuses on the positive outcomes if things go right. This tends to be the default mode for entrepreneurs, who use return on investment calculations as the basis for every business case. The ability to quantify risk at both ends of this spectrum is a crucial skill today. When architecting a business venture, it is important to understand this risk/reward paradigm. And it is increasingly unfair if one side comes with a red/yellow/green scheme of measuring risk and the other side comes with cold, hard dollar figures.

Quantifying risk is essential to business decision-making. For risk and security professionals, the challenge is to mature this capability to the point where the playing field is level with the business. One way is to more accurately capture loss exposure in financial terms. Another way is to better understand the ROI and business case of the positive results as a factor in risk assessments. Central to each effort is an ongoing, constructive dialogue with your business counterparts.
