Precedent Matters: Physical and Cyber Security Materiality
Cyber-attacks continue, seemingly unabated. Major industrial incidents seem to remain regardless of efforts to curtail them as well.
In many cases significant shareholder value is destroyed and perhaps never to be regained. Lives are lost and business models compromised.
In isolated incidents, senior executives “retire.” Usually, it is business as usual until the next time with the promise not to do it again. However, there is precedent for punishing organizational maleficence.
Regarding cyber security, the digitalization process underway places the process of managing information technologies into the arena of “core competency.” There are several definitions of the term. Digitalization is the process of using digital technologies as a way of doing everyday business. In other words, this process is material to the wellbeing of the firm.
While not an attorney nor offering advice, one can observe that in the late 1990s another software issue was so concerning that the U.S. Securities and Exchange Commission issued guidance for public companies and others regarding the risk and materiality of exposure to the so-called Y2K date rollover. Most affected firms had significant efforts underway to assure business was not disrupted and/or risk mitigation strategies were put in place.
Shortly thereafter, the activities of Enron, MCI and others resulted in the Sarbanes Oxley Act of 2002. Section 404 of that act requires firms put in place “management systems” to assure adequate and effective internal controls and transparency regarding financial reporting.
According to one source approximately $2.5 trillion in value can be unlocked by digitalization for the oil industry ecosystem. However, if cyber security is weak and SCADA and process controls systems are exposed lives may be lost and facilities may be irreparably damaged.
One view is that today’s Industrial Internet of Things (IIoT) organization has greater exposure than any Year 2000 problem may have caused. Shouldn’t society and investors have protections in place equal to Y2K and SOX?
There is precedent for holding organizational leadership accountable. Digitalization is a Board of Directors agenda item!
Critical Mass: Value from the RBC Framework
Nuclear physicists define the term, “critical mass” as the amount of fissile material whereby a nuclear reaction is self-sustaining. From that original definition, the construct is further developed along societal and political terms as a function of the environment and number of adopters and their interdependencies that create enough of a consensus for individual actions that sustains an undertaking.
In 1996, the author published the first of several case studies on a societal interaction model based on the Relationships, Behavior and Conditions (RBC) construct among economic actors. Previously the model was only in the domain of academia.
This blog addresses contemporary issues from the RBC perspective and whether in the present state they are sustainable or not. Many readers may be familiar with the “Innovation Adoption Curve.” RBC seeks to enlighten the causality of behaviors that cause movement towards the critical mass that generates movement along this diffusion curve.
- Is Your Digitalized Organization Cybersecure? April 15, 2018
- Organizational Predators: Jackals, Hyenas, and Wolves in Managerial Clothing January 25, 2018
- A New Relationship January 10, 2018
- Excellent Behaviors: Assessing Relationships in the Operational Excellence Ecosystem December 22, 2017
- Precedent Matters: Physical and Cyber Security Materiality November 28, 2017
Other Blogs Dr. Shemwell Authors
Dr. Shemwell is an author for the following 3rd party blogs.
Governing Energy Blog
BTOES Insights is the content portal for Business Transformation & Operational Excellence opinions, reports & news. Dr. Shemwell is a contributor.
About the Author
Dr. Scott M. Shemwell has over 30 years technical and executive management experience primarily in the energy sector. He is the author of six books and has written extensively about the field of operations. Shemwell is the Managing Director of The Rapid Response Institute, a firm that focuses on providing its customers with solutions enabling Operational Excellence and regulatory compliance management. He has studied cultural interactions for more than 30 years—his dissertation; Cross Cultural Negotiations Between Japanese and American Businessmen: A Systems Analysis (Exploratory Study) is an early peer reviewed manuscript addressing the systemic structure of societal relationships.