Monday, February 08, 2010

Adaptive CxO: Utilizing a Decision Advantage...

How fast can you and your organization adapt? 5 minutes. 5 hours. Or 5 days. An adaptive enterprise that is capable of rapidly adapting to a continuously changing "Operational Risk Ecosystem" within minutes or hours, will have the highest likelihood to survive. Days could mean the end of the relationship with customers, employees and your vital supply chain. Corporate obituaries are all too common soon after a significant business disruption. Whether physical, cyber or both the adaptive enterprise is not only resilient but also possesses the most sought after business risk asset, an effective "Decision Advantage."

This past weekend, the Wasington, DC region has been crippled and brought to it's knees by "Mother Nature". Not an earthquake, nor tornado or even fires or floods (yet) but a tremendous amount of frozen precipitation.

Parts of the eastern United States remain largely paralysed for a third day after some of the heaviest snowfalls in decades.

Transport links in Washington DC and nearby states have been severely disrupted and hundreds of thousands of people are still without power.

Federal government offices and most schools are shut after the authorities advised people to stay indoors.

Weather forecasts are warning of fresh blizzards due on Tuesday.

The storm has disrupted transport from West Virginia to southern New Jersey.

Some parts of Washington experienced up to 32in (81cm) of snow, one of the heaviest snowfalls in decades.


The ability for a metro area, enterprise or even household to adapt and recover will be directly in correlation with the amount of practice, training and prediction excellence. Time and resources utilized by many to anticipate, drill, enhance skills and tweak the intelligence feeds will make all the difference in the outcomes. Many will survive and some will perish. It's in most cases directly proportional to the investment in the preparedness for all threats and all hazards. This is the core of the true Operational Risk professional.

And while your financial institution, defense industrial base firm or telecom or energy company was being tested in the "Continuity of Operations" plans this past few days in the National Capital Region (NCR), as the CxO for your enterprise, what grade would you give yourself in terms of business resilience?

On the Digital battlefield the corporate enterprise is getting a much better understanding of the economics of a data breach:

PGP and the Ponemon Institute have just announced results of the fifth annual U.S. Cost of a Data Breach Study. The overarching conclusion is that breaches are getting more expensive.

Data breaches cost U.S. companies $204 per compromised customer Relevant Products/Services record in 2009. That compares to $202 in 2008. Despite an overall drop in the number of reported breaches -- the Identity Theft Resource Center reports 498 in 2009 vs 657 in 2008 -- the average total per-incident cost in 2009 was $6.75 million. In 2008, that number was $6.65 million.

"In the five years we have conducted this study, we have continued to see an increase in the cost to businesses for suffering a data Relevant Products/Services breach," said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. "With a variety of threat vectors to contend with, companies must proactively implement policies and technologies that mitigate the risk of facing a costly breach."


The Cyber Economics of losing laptops, internal data exfiltration and the effectiveness of industrial espionage make the "Brain" of any enterprise vulnerable to the loss of vital information and trade secrets. One of the the latest spy cases is now at the sentencing stage:


An elderly Chinese-born engineer convicted of economic espionage for hoarding sensitive documents that included space shuttle details faces sentencing Monday, and prosecutors are seeking a 20-year term.

A judge found Dongfan "Greg" Chung, 74, guilty in July of six federal counts of economic espionage and other charges for keeping 300,000 pages of sensitive papers in his home. The documents also included information about the fueling system for a booster rocket.

Despite Chung's age, prosecutors have requested a 20-year sentence, in part to send a message to other would-be spies.

Assistant U.S. Attorney Greg Staples noted in sentencing papers that Chung amassed a personal wealth of more than $3 million while betraying his adopted country.

"The (People's Republic of China) is bent on stealing sensitive information from the United States and shows no sign of relenting," Staples wrote. "Only strong sentences offer any hope of dissuading others from helping the PRC get that technology."


In a continuously evolving "Operational Risk Ecosystem" the corporate executive making decisions must be able to command a "DecisionAdvantage." Utilizing the latest technologies, networks and resilient designs for critical cyber infrastructure and combining this with the correct software is only the beginning. Again, you must ask the question. How long does it take your enterprise to adapt?

Whether the executive makes the phone call to keep employees working from previously designated remote sites; sends the "All Hands" text message to be on the look out (BOLO) for foreign nationals with US visas taking home work on sensitive projects or enabling the corporate networks to withstand the latest DDOS attack does not matter. What ultimately will be a CxO's best opportunity to survive or perish will be the "DecisionAdvantage."