Technology, Strategy, Cyber, and Risk
How do you assess the risk of missing the opportunity to leverage disruptive technology?
Does being on the “bleeding edge” still scare you?
Are you scared of cyber risk that you are rooted in place?
With incredible advances in technology coming at us from all sides, the potential for organizations to offer new products and services, as well as make dramatic improvements in how they run the enterprise, is huge.
Yet, each of these new technologies also introduces new risks that are of concern to information security, risk, and assurance professionals.
I am concerned that organizations are not prepared to survive let alone thrive in this environment.
I want to share some questions for your consideration, but let’s look first at one new technology that is emerging as disruptive to manufacturing and other sectors: additive manufacturing, commonly known as 3-D printing. These two sites explain some of the potential:
For most of us, 3-D printing is something from the world of science fiction or TV series. But, it is real and it is now.
Do you think every organization that could be affected by this technology has taken the necessary steps to determine how it should affect their organizational objectives and strategies? Do they even know how it could affect them?
My questions:
- Is your organization monitoring new technology and able to identify how it could affect your organization?
- Do you know what your competitors may be doing with it?
- Do you know what other organizations are doing or planning to do that might turn them into competitors (think Apple and Rolex)?
- Are the right people thinking about how the technology could affect your organization?
- Do they have the ability to come up with ways to use the technology that are novel and different from others?
- When new technology is considered, does your organization have reliable processes to assess related risks?
- Is the voice of risk heard – and understood?
- Is your organization prepared to take the risks necessary to succeed?
- Do you understand the risk of not taking the risk?
- Is your organization sufficiently agile to cast old ideas aside and seize the opportunities?
- Is your organization willing to wait when the (adverse) risk exceeds the opportunity?
- Do your information security, risk management, internal audit, and other assurance providers steer you to take the right risks or are they only a drag, pointing out the negative?
Do you agree with this list? What would you change?
I welcome your comments.
Leave a Reply
Norman Marks on Governance, Risk Management, and Audit 
I think your list is complete, but more to the point, how do we recognize when your companies are properly structured? While now directly within my charter, I do see structural changes in the company with certain departments growing quickly (i.e., planning, business development IT, and communications). This is an indicator of adjustment to/for change, but nothing guarantees a company is ready for disruption.
Allan, growth is not always an indicator of agility. Sometimes a larger department has more to protect and becomes resistant to change.
How do you know whether your organization is agile? I don’t know that there is an easy test. It’s probably something you can sense in the way the management team operates.