May 2018
The Risk of Productivity

Last month’s RSA and Interop shows really demonstrated our industry’s penchant for the (sometimes seemingly incognizant and exploitative) overuse of the word “risk”. Being so beaten over the head with the word serves as a reminder that the measurement of risk isn’t easy. First, it’s strongly affected by situational context. A dignitary on a turbulent flight would be more likely to exaggerate the risk and anxiety of a plane crash, whereas a person surfing off the California coast would probably be thinking less of plane crashes and more of the risk of sharks. And this sort of variance in the measurement of risk is a good thing; otherwise either no risks or too many risks would be taken, and things would either stagnate or self-destruct.

Next, in addition to this contextual, and often emotional, weighing of the imminence of a risk (the “what if the bad thing happens”), there is also the need to weigh the expected utility of taking the risk (the “what if I try this, and the effort is successful?”). Here, people can fall into two camps: those who place more value on gain, and those who place more value on the avoidance of loss. For example, would you wager $40 for a 50/50 chance (say a coin toss, heads you win, tails you lose) to make $100? If you say “yes,” then perhaps you more highly value gain, and if you say “no,” then you more highly value the avoidance of loss. But was this a fair question? Yes, because it serves to illustrate another important point, the distinction between expected utility and expected value. Expected utility is, again, often contextual and emotional, while expected value is mathematically calculable. In the above example, the expected value of the wager could be calculated by using the law of large numbers: over 1,000,000 tosses, we should begin to approach a distribution of 500,000 heads and 500,000 tails. For each head, the gain is $60 and for each tail, the loss is $40. Multiply 60 by 500,000 and you get a total probable gain of $30,000,000. Multiply 40 by 500,000 and you get a total probable loss of $20,000,000. Divide by 1,000,000 (the total number of tosses) and the expected value of each toss is $30-$20, or a gain of $10 per toss. Did you decide to take the wager? Does your expected utility agree with the expected value? Should you have taken the wager? Let’s just say you won’t find this game in Vegas.

The recognized start of this sort of thinking was the 1730s, when a paper was presented to the Imperial Academy of Sciences in St. Petersburg which carried the following quotes:

  • The value of an item must not be based on its price, but rather on the utility that it yields.
  • The utility resulting from any small increase in wealth will be inversely proportionate to the quantity of goods previously possessed.

The author was Daniel Bernoulli, regarded by many as the father of risk analysis. He went further to describe that wealth is perceived more as a factor of productive capacity than of assets. From these principles, one might make the following extrapolations:

  • Reducing the value of utility reduces the amount of risk that will be taken in its pursuit.
  • Reduction of the value of utility can be achieved by increasing its availability (supply), independent of the context of that risk.
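
The coin-toss wager and Bernoulli's second principle can be put side by side in code. This is an added example, not part of the original article: it assumes a logarithmic utility of wealth (the usual reading of "inversely proportionate to the quantity of goods previously possessed"), and all function names are illustrative.

```python
import math
import random

STAKE, PRIZE, P_WIN = 40.0, 100.0, 0.5   # the wager described in the article
GAIN, LOSS = PRIZE - STAKE, STAKE         # net +$60 on heads, -$40 on tails


def expected_value():
    """Mathematically calculable average outcome per toss."""
    return P_WIN * GAIN - (1 - P_WIN) * LOSS


def simulated_mean(tosses, seed=1):
    """Law of large numbers: average net result over many simulated tosses."""
    rng = random.Random(seed)
    total = sum(GAIN if rng.random() < P_WIN else -LOSS for _ in range(tosses))
    return total / tosses


def utility_change(wealth):
    """Expected change in log utility (assumed model) from one wager."""
    if wealth <= LOSS:
        return float("-inf")              # a loss would wipe the player out
    return (P_WIN * math.log(wealth + GAIN)
            + (1 - P_WIN) * math.log(wealth - LOSS)
            - math.log(wealth))


def break_even_wealth():
    """Wealth at which a log-utility player is indifferent to the wager.

    Valid for a fair coin (P_WIN = 0.5): (w + G)(w - L) = w^2
    gives w = G * L / (G - L).
    """
    return GAIN * LOSS / (GAIN - LOSS)


if __name__ == "__main__":
    print(f"expected value per toss: ${expected_value():.2f}")
    print(f"simulated mean over 1,000,000 tosses: ${simulated_mean(1_000_000):.2f}")
    print(f"break-even wealth under log utility: ${break_even_wealth():.2f}")
    for w in (50, 100, 120, 500, 5000):
        verdict = "take it" if utility_change(w) > 0 else "decline"
        print(f"wealth ${w:>5}: utility change {utility_change(w):+.5f} -> {verdict}")
```

The expected value is the same for every player, but under this utility model the wager only becomes attractive once the player holds more than the break-even wealth, which is how expected utility and expected value can disagree.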

Mapping all these concepts to information technology:

  • The tendency for people to take risks with the security of their data must be at least partially motivated by their pursuit of the “wealth” of increased productivity.
  • We should then be able to decrease the tendency for individuals to take such risks by decreasing the value of productivity.
  • Therefore, it is not entirely unreasonable to suggest that organizations could reduce their overall IT risk posture by rewarding employee productivity less.

Decrease productivity? Crazy, sure… But less risk and an increased chance for employee life/work balance ought to be worth something in offset to the shareholders.

