• United States



I like risk

Dec 04, 20122 mins
CSO and CISOIT LeadershipIT Strategy

No risk? No reward. We just have to calibrate it better.

Many chess players—and I’m sure you are going to find this hard to believe—are boring. Even to their fellow chess players.

Because they try to play zero-risk chess.

These poor saps try to win by playing timidly, avoiding error at all costs, purely trying to create weakness-free positions. They don’t gamble, but they also don’t try new ideas, and they never play a game that anyone else would find interesting or creative or worth emulating. They aren’t actually playing to win; they are playing not to lose.

[Get CSO’s new monthly Risk Management newsletter]

It’s a soul-crushing experience to sit down for a three- to four-hour game at my Tuesday night club, only to realize that my opponent’s sole objective is to suck the life out of the position. This, I say, is no way to spend a Tuesday night. Zero-risk chess is boring.

In my professional life, as in chess, I have discovered that I like risk. I like creativity and I like winning. I am willing to gamble on my own judgment. And when I don’t get the result I expect, I rethink my analysis with this new data. If I come to the same conclusion as before, I often double down.

Of course, the results of chess games don’t matter. You lose spectacularly, you get to reset the pieces and try again from scratch next week. You look kind of stupid, but so what.

The results of taking this approach in business are much more tangible. Particularly with security risks, it doesn’t make sense to be cavalier. But that doesn’t mean your business should take no risks. Zero-risk business isn’t just boring, it also has very little upside.

That is why security leaders have to become great evaluators of risk. Join me on my new blog and share your experiences as I delve into the exciting—not boring!—topic of risk management.