Technology Management, Cyber Risk, and Leadership in Digital Transformation
By Charla Griffy-Brown, who works extensively in the area of digital innovation helping organizations leverage new opportunities through analytics, risk evaluation, and emerging technology deployment to achieve their strategic objectives.
What are the most interesting, novel, and profound findings of your research?
Highlight #1. Making Better Decisions in a New Technology Environment.
Emerging technologies such as artificial intelligence, the Internet of Things, and distributed ledger continue to transform businesses, enabling new value creation in transformative ways. Their potential social impacts create increasing risks. These risks are not easily identified or evaluated making it difficult to address them. The results of this research over the past five years have yielded a new theoretical framework we have called “Enterprise Risk Management Optimization” which is now being cited in more cyber risk research and used by Chief Information Security Officers, boards, and incorporated into conversations with NIST. This framework has resulted in a new risk-based approach for cyber security which companies such as CitiNational Bank, Paramount, Johnson & Johnson, Nintendo and many others use.
Highlight #2. Avoiding Bias and Identifying Risk in Emerging Technologies
Critical challenges business leaders face in the smart machine age revolve around the tension between managing risk and creating agility amidst increasing turbulence. Incorporating these critical elements into decision-making requires that executives have a deeper understanding of the risks involved so they can make better decisions ensuring agility. On the risk spectrum, reputation and trust are becoming more of a premium and, therefore, businesses must place these issues as high priorities for corporate governance. This research involving companies in different verticals deploying AI across various functions revealed that the key to deploying ethical AI and other emerging technologies, regardless of the application, is mitigating the data limitations of bias, transparency, and monopoly. Most importantly, it showed that one way to address these critical issues is to ensure there is diversity in designers and decision-makers.
Highlight #3. Socio-Technical Systems to Biosocial Technical Systems: Creating a new theoretical framework and approach
From the top-down effects of extreme weather events to the bottom-up effects of infectious diseases, biology is shaping technology in society. Hence, the assumption that there is human control over biology through technology is an open question, which requires extensive consideration. This preliminary research posed key questions to global scholars as part of the reframing of the international discourse published in Technology in Society: How can we infuse compassion and empathy into the interaction between technology in society? What do we want the future to be like in terms of how human systems interact with broader biological and technical systems? How do the theories of paradox and ambidexterity help us understand and create a future worth wanting? Can biosocial-technical systems help fill in the gaps in asymmetrical development? What factors influence agility in biosocial technical systems? How should we consider risk and opportunity? How can careful exploration of these deeper questions better shape decision-making and resource allocation? A pilot study exploring the convergence of the biological and digital worlds resulted in the development of a new cyber biophysical risk framework that is being analyzed empirically and tested in organizations.
Why are these findings important? To whom?
These findings are important for business leaders, government officials, board members, business practitioners, and scholars. The new theoretical approaches and frameworks provide new ways of thinking about the critical issue of balancing risk and agility and a globally networked data driven world. They also provide practical tools for executives and businesses. Importantly, cyber criminal activity is worth more than the illicit drug trade and imperils our healthcare, economic, and political systems. The attack surface is increasing, the volume of attacks is growing, and the velocity of attacks is gaining speed. Creating a future worth wanting requires that we diligently work together as scholars and practitioners to address this grand challenge.
What specific advice do you offer to stakeholders, managers, leaders, and policy makers in light of these findings?
It is critical that executives and boards change their mental model when it comes to cyber risk. This is not an IT problem. It is an enterprise risk problem and actually a cross-enterprise problem given our inter-connectivity. The frameworks developed provide practical tools and approaches to change business thinking and execution throughout an organization. In addition, investing in diversity in designers and decision-makers best positions organizations for risk optimization to achieve greater top and bottom-line growth. This automatically infuses the people and processes with greater optics to make better decisions in our new technology environment.