Click on the following link for the article: www.linkedin.com

Dave Tate, Esq. comments. An interesting article, although it overstates the issue. I also don’t agree with the following unsupported comment:

“Risk professionals spend 80% or more of their time focused on high frequency, low impact risks because it is easy to capture yet only creates a false sense of security. The phenomenon is called cognitive overload and creates a distraction from the true risks that threaten organizations. This is the primary reason organizations are “surprised” when a major control failure disrupts business or security professionals fail to keep up with cyber threats. Conventional risk practice is not enough! Unfortunately, risk professionals cling to ineffective risk practice without questioning outcomes or seeking alternatives.”

Nevertheless, it does make sense to have informatics or analytics assist with topic areas, possibly such as risk management, in situations where that assistance would be beneficial. But garbage in is garbage out, and knowledgeable involvement is needed in both the design and evaluation. The next CRO will not be a robot or a computer, but it might be helpful.

Interesting also, if computerized risk evaluation is used, will people be more likely to trust and act upon that information. I believe in many cases the answer would be “yes,” and the CRO might be heavily criticized, or perhaps even liable, if he or she doesn’t act upon that information and then a negative risk that had been identified occurs.