With the growing number of firms falling prey to cyber risk, governance failures and market forces, there is a need for greater agility in how decisions are made and risks confronted. Yahoo!, with its record-breaking cyber breach estimated at more than 500 million records, and Wells Fargo are but two of the latest firms to face complex challenges and an unwanted public excoriation. Like VW’s emissions scandal or the warning signs that could have prevented the Germanwings disaster, it is time for senior business leaders and their boards to change the way they think about risk and therefore how they respond to it.
Complex systems fail in complex ways. Many of these failures are either fueled by or missed in the byzantine maze that is the modern enterprise. Addressing these organizational blind spots requires equipping people with common levels of risk awareness, codes of conduct and alignment to value systems. A maxim is a general truth, fundamental principle, or a rule of conduct that can be helpful in creating this alignment. The following risk maxims can help reduce complex enterprise risk management principles into actionable guidelines and patterns of behavior at all organizational levels.
Values matter most when they are least convenient – When confronted with challenging situations, value systems are meant to guide behavior and decision making. After 9/11 the Geneva Conventions took on entirely new meaning in the U.S., just like Johnson and Johnson’s now famous Tylenol recall in the 1980’s was informed by the firm’s credo to put the people they serve first.
Sunlight is a great disinfectant – In the age of rampant cyber risk and unwanted disclosure, privacy is a luxury. The negative effects of the Sony Entertainment hack were amplified by inconsistent behavior among top officials. Contrasted to the leak of Mossack Fonseca’s Panama Papers, few were surprised by the misdeeds of dictators and nefarious government officials.