It was a lovely Saturday in Snowbird, and I was so excited to spend the next couple of hours with my friends exploring the trails going down a mountain I’d never been on before. Based on my experience with downhill skiing in Europe, and the fact that I am very risk averse, I made it clear in the chair lift during our trip up that I am happy to do any colour trail as long as they are prepared.
“Sure, no problem... no moguls, promise” was my friend’s response.
And with that said, we set off on our very first run down. From the top of the lift, we turned right and the 2 boys dropped down a trail that started after about a few hundred meters on the right, and I followed onto what I now know is called “Gad Gully”, a narrow black slope with (you guessed it!) moguls. My heart was in my throat as this run was steep, with lots of moguls, and the worst bit is that it’s also quite narrow, so there isn’t a lot of room for mistakes.
I slowed down after a couple of near accidents (involving other people and some trees) and had to remind myself of the basics of skiing. Lean towards the valley and keep your weight on the tips of your skis. Man, it was difficult and it took all my mental strength to do it, but I knew it was the only way I would make it down that mountain alive and in one piece.
I made it down and the adrenaline rush was amazing! That was definitely outside of my comfort zone. I was scared and elated at the same time. And also extremely proud because I didn’t give up – I worked my way through it and lived to tell the tale.
Why did I want to share this experience with you? Because this week we were talking about risk leadership and how this is more than simply analysing, recording, and managing risks. A true risk leader shows vulnerability by sharing where there are unknown threats to the business, or where there are vulnerabilities internally due to unclear or immature processes. A true risk leader also knows it’s alright to stop and consider the best course of action: to pause and think about the best way forward to make sure you get out of the situation alive and improved.
You know when to push through and when to stop and think.
Experience and skill
As risk leaders we need to be confident in our skill level to approach the vulnerabilities and threats. We have past experiences to draw from, and if this is not the case, we need to find people around us that we trust so that we can draw important learnings from their experiences.
The team you have around you must also have the skills to understand the situation they are in and to be able to assess the situation correctly.
Back to my ski trip – it’s because of my decades of experience and many hours of private lessons in the snow that I had the skill set to assess the situation correctly and had the ability to chart a course down the hill.
My question to you is: What training do you need to commit to for you and your team to navigate your business through the potential risks coming your way in the next 3 – 5 years? What do you need to know to be compliant with industry and legal regulations? How can you support your team to perform to the best of their abilities?
Are you leaning into the risks ahead of you? Do you have a proactive approach to external and internal threats? Or are you defensive and trying to avoid all the risks?
I know from my ski experience that being defensive would have put me on the back foot and I would have ended up in a place I didn’t want to be. It’s only because I was literally on the front foot and tackling the situation head on, but with a calm perspective and attitude, that I managed to make it through a potentially dangerous situation alive and learn a lot of lessons from it.
Some questions to ask to become a better risk leader:
- Who should be included to cover the entire organization's security and business needs?
- Who has responsibility and accountability for treating and managing the risk?
- What information security risks exist in the environment in which your business operates?
- Do processes monitor your organization's ability to re-evaluate risks and adjust controls effectively in response to changes in its objectives, its business and its external environment?
- Do you believe that additional, specific regulatory guidance on cloud risk management is warranted?
- What are your information and process requirements when completing the third party risk management process?
- Are supply chain vulnerabilities protected from threats initiated against organizations, people, information, and resources that provide products or services to your organization?