The last couple of years have reminded us of how dangerous and fluid the world is. It’s become our new normal. War in Europe, climate changes, macroeconomic problems and cyber attacks are just some of our society’s issues.
Now, in Denmark, we talk a lot about “hygge”. It’s a term for when something is jovial, pleasant, friendly, good and safe. And for generations, Danes have gotten used to a safe society. Fortunately, catastrophes are the exception. So, when we experience power cut-offs lasting more than 30 minutes, we remember and talk about it. However, this mindset is challenged immensely by looking at the current global situation. Danish organisations have been forced to adapt to threats that can drain a company’s entire equity in a single incident.
Risk management and “hygge” are opposites. The motivation for working with proper risk management in a “hyggeligt” environment is, to be frank, very low. The methods used for risk management in about 80% of all Danish companies are too “hyggelige”. They feel pleasant and safe. Easy to use. All you need to remember is that “red” means “bad” and “green” equals “good”.
However, the new world order and threat scenario require proper risk management. Risk management supporting decision-making in complicated situations. We need to adopt and use methods capable of expressing the uncertainty which risk, by definition, is all about. Risk management must present information in a resolution that allow us to prioritise our efforts and initiatives.
We’ll only be able to solve some of it. In some cases, e.g. certain types of cyber attacks, we just have to accept the probability and work creatively on reducing its impact. We must work smarter and more efficiently in our security work and implement controls that give “more bang (risk reduction) for your buck”.
You might think that doesn’t sound like “hygge”. Let me change your mind because proper risk management can make things “hyggelige” again. And everyone can learn proper risk management, and it doesn’t require specific tools.
Clients of ACI are known for their decision-making on IT security by using proper and data-based risk management. All suppliers of risk management should be willing to subject themselves to that back-test from time to time. If our risk management works, we must share our knowledge while continually challenging and testing it.
Here at ACI, we’ll do our bit. We invite you to our open seminars on quantitative models, which we argue work and make a difference. Sign up for our next seminar on march the 23rd 2023 right here.