Cyber Insights is the blog for senior executives seeking to take control of cyber security inside their organizations.
We’ve all seen the classic haunted house horror movies where, after having more than enough warning that something is critically wrong, the lead character and his supporting cast simply won’t get out of the house. Yahoo seems to have taken on this role over the last five years as the company has been the target of repeated cyber hacking while it’s market cap slid from over $50 billion to less than $5 billion. Meanwhile, its board of directors and C-level management appear to have largely ignored warnings outside of its in-house security resources, all the while failing to educate themselves about the risks and reasons that cyber security needs to be a board and C-level management priority. As quick as Yahoo’s trip to the bottom was, for many other firms it may be that the worst is yet to come.
At a high level, this is a symptom of a more fundamental problem that tech market analyst, Gartner has been warning F1000 companies about lately as it relates to cyber security, which is a failure to innovate. Corporate cultures that suffer from a not-invented-here syndrome, and the tendency to look to insiders and vendors who are cronies of in-house personnel, are just some of the killers of innovation, and sometimes the entire enterprise. Harvard’s Professor Clay Christensen, author and former consultant to Apple’s Steve Jobs, is fond of saying that most large organizations strip the disruptive innovation out of good ideas before they can even get started, in part because they lack a clear process to capture and implement those ideas. Failure to innovate is how IBM created Microsoft, Yahoo created Google, Reuters created Bloomberg (albeit all unwittingly), and the list goes on. Even the Federal Government has recognized that if they identify an innovative solution to a significant problem there is often no process to procure it.
The real horror is for Yahoo’s investors and clients who know this is no movie. Customers are already adding digital asset security to their shopping criteria when choosing suppliers, and there is a future coming where the SEC will require disclosures of such risks that directly impact shareholder value. Add to this the fact that global hacking is now a $2 trillion annual business (more lucrative than drug dealing and not nearly as dangerous), and it’s clear that senior management and boards need to heed the warnings to get out of the house before it’s too late.