Industry News by Nate Shames Jan 19, 2018 Don’t Let Cybersecurity Be a Blind Spot Are people lucky or skilled? This question is important to consider in any performance-related field. A lot of what we attribute to skill is often simply luck in disguise. This is especially true in business, a notoriously fickle and complex field of human endeavor. Indeed, CEOs are often held up as uniquely talented visionaries that are uniquely responsible for the successes and failures of their companies. Jack Welch, one of the most famous business figures of the 20th century, is one such example. He was a charismatic leader who transformed GE into a massive, highly successful conglomerate with fingers in everything from refrigerator manufacturing to financing to movie production. GE became the largest company in the world during his tenure, and Welch has been celebrated ever since. But his successor as CEO of GE, Jeff Immelt, is more skeptical of Welch’s performance. Not only did the huge GE Capital division that served as the engine of much of GE’s growth during Welch’s tenure turn into a massive liability during the financial crisis, but Welch’s skill may have been less relevant to GE’s performance than the broader economy. Immelt pointed out that it would have been hard to lose money running a business like GE in the United States from 1980-2000. Where many people saw the unique capabilities of a genius manager, Immelt saw a figure riding waves he did not create to great success. Warren Buffett likes to use the example of a nationwide coin-flipping contest to demonstrate how we mistake luck for skill. Buffett asks us to imagine a scenario in which everyone in the United States is given a coin to flip. Whoever flips heads proceeds to the next round and is rewarded $10,000 and whoever flips tails is out of the competition and earns nothing. This goes on until there are only a few people out of the original 325 million who are still in the game and who have amassed millions of dollars in fortune. These individuals then go on to write books about how they accomplished this amazing achievement and are paid large speaking fees to talk about the skill. The problem is that there is no skill involved in flipping a coin. It’s just chance whether it ends up as heads or tails. What they mistake for their personal skill is merely luck. Most business leaders, and people more generally, succeed as a result of a combination of skill and luck. Bill Gates was lucky to live where he did and have access to the computing resources that he did as a teenager. Bill Gates was also a highly skilled businessman who understood the business potential of operating systems before most. Warren Buffett was really lucky to get rejected by Harvard and instead attend Columbia where he met Ben Graham, but he is also the greatest investor of all time and made a number of conceptual advances that left his mentor behind in important ways and laid the groundwork of Berkshire’s success. Despite his own protestations, I think he would have been a great investor had he not met Graham (although perhaps not the greatest of all time). Garry Kasparov, however, didn’t rely upon luck at all. He is simply an incredibly skilled chess player while Paris Hilton was simply lucky to be an attractive heiress in the age of TMZ. Luck and Cybersecurity The complex interdependencies between luck and skill should instill a degree of humility in those in business. Very few people are like Gary Kasparov (and I imagine Kasparov himself would be quick to point out the various ways in which he was lucky!). If everything we do is not the result of skill, then we don’t exert conscious control over everything we do. It’s not all by our design. So we have to be aware of our blind spots and remember that luck is playing a role in our success. This is important in our line of work because people often neglect their data security because nothing has happened to them … yet. But as the saying goes, “it’s not a question of if you suffer a data breach, but when.” If you recognize that luck plays a role in business, you have to acknowledge your blind spots where luck has been what has kept you afloat. If you don’t have a data security suite and haven’t suffered a breach or attack, then you have gotten by purely on luck. Don’t let that condition persist. Don’t let security be a blind spot. Do something about it.