Enterprise Risk Assessment: The Hunt for the Black Swan

Are we safe?

This is one of life’s more vexing conundrums.

In his landmark book, The Black Swan, Nassim Nicholas Taleb describes a type of event called a “Black Swan.” These events appear to be a complete surprise, but in hindsight can be rationalized as being inevitable.

The attacks of September 11, 2001 are a poignant example of such an event.  When we look back, we can see what lead up to it and why it was able to happen. The challenge is how we prepare for Black Swan events if they are a surprise?

Taleb’s conclusion is not to try and predict Black Swan events, but build robustness and agility into systems and processes so they can withstand any negative event.

Staying Profitable and Agile While Withstanding Black Swan Events

This is particularly challenging when you consider the vast ways that hackers can exploit information systems and cause widespread financial and reputational damage.

The answer is the same, you must build a set of defenses that manage, mitigate and eliminate risk. However, just reacting to threats is not going accomplish this. Protection measures must be carefully planned to meet the unique needs of your business. Moreover, these defenses must address all the dimensions of your business and be supported with people, processes, insurance, and third-party agreements.

Conducting an Enterprise Risk Assessment is the starting point for protecting your business. Risk assessments analyze the business, its assets, and people to identify the key threats that affect the business. Risk assessments then go on to define a set of controls that mitigate threats.

Without a strategy to deal with risk, it is easy to become lost among the drama of the threats. Risk assessments empower leadership to make sound, rational decisions about the state of the business and deploy protective measures efficiently.

Preparation Prompts Prevention

It is important that risk assessments come from an independent party who can analyze your business objectively and impartially. These outsiders are not encumbered with the internal politics or influences. This is why using a third-party risk assessor is so valuable.

Whether you’re at work, at home, or at play, safety and security are an integral part of lives. We owe it to our co-workers, loved ones, and community to address risk honestly. Conducting an organizational risk assessment can help ensure that your business is in the best possible position to handle the next Black Swan event and protect its assets, finances, reputation, and people.

Andrew Platois President / CEO of Anitian Enterprise Security, a national provider of information security, compliance, and risk management services and solutions.

Return to Blog index