So much of running a successful business is risk management.
Both short-term decisions and long-term strategies are heavily influenced by risks and an organisations attitude to those risks. Some organisations are happy with a fast and loose strategy operating on a very high-risk profile. Other organisations are more comfortable with a highly risk adverse strategy.
Only time can really judge if an organisation judged and acted on a given risk appropriately - but I do feel that many businesses can be too short sighted with a "It’s never going to happen" mentality.
Take for example cyber security;
None of us would leave our home without locking our doors and windows. Almost all of us will have insurance against burglary.
And yet when discussion the cyber equivalent with organisations, I will often get the retort of "It’s never going to happen".
One CFO told me that:
"Cyber security was a myth peddled by organisations trying to sell you expensive solutions to a problem that didn't exist".
Given the nature of that CFO's business and how much personal data they process, that was a terrifying statement indeed.
Within the cyber security community there is an adage:
"There are two types of organisations. Those that have been hacked and those that haven't realised it yet."
Cyber attacks are rife; be it attempts to access your company data, subvert your computer equipment, tricking your finance team into unauthorised payments, or simply for fun - attacks are being made (and being successful) each and every day.
To simply dismiss as "It’s never going to happen" is both poor management and morally reprehensible if you are holding personal data (and likely illegal).
Another risk that often gets filed under "It’s never going to happen" is disaster recovery. What happen if your office burns down?
Do you have all the necessary parts held offsite to allow you to restart your business?
Do you have backups of the relevant data? Do you know how to contact all your staff? Do you even know where you will start up again?
Could your business survive what it takes to come back from such a disaster?
And for those still thinking "It’s never going to happen"; it is happening now with Covid-19.
Business that previously did not consider the loss of their physical office as a risk are struggling greatly now.
Whereas those businesses that considered disaster recovery and invested in business continuity find themselves so much better able to handle the pandemic.
And even now, as the England enters a second lockdown, there are many business that haven't learnt from the lockdown earlier in the year.
How many restaurants have failed to develop a takeaway offering?
How many shops have failed to setup an online presence?
These are businesses that will be badly hurt by the second lockdown - and my heart goes out to them - but they really need to thinking about how to handle the risk rather than responding with "It’s never going to happen" (again).
Through September I ran a survey to establish UK Executive's attitudes towards custom Software Development.
Unfortunately the survey failed to obtain enough respondents to be useful, but I want to share my experience.
So in this podcast, I largely cover how the survey was designed, how I promoted it and the lessons learnt.