Cyber Warfare – Security Language Is Reframing Our Perspective

June 15th, 2015. Published under Cyber security, cyber warfare., Intangible asset protection. No Comments.

Michael D. Moberly    June 15, 2015   ‘A blog where attention span really matters’!

Some time ago, there appeared to be a transition of sorts in language regarding computer – IT system security. What had traditionally been characterized as defensive actions (products, services, etc.) to prevent and/or mitigate computer – IT system vulnerabilities and infiltrations by hackers or economic-competitive advantage adversaries was undergoing change.

The language – terminology now used to describe what I believe to be similar phenomena are cyber-security and cyber-warfare.  Are these distinctions without a difference?, I don’t believe they are. The latter is presumed to be executable on a broader scale, with greater frequency, sophistication, stealth, and other asymmetric features which can destroy data, deploy various types of malware, or siphon (extract) specifically targeted data-based intangible assets from a single company and/or one of the pillars to our national infrastructure literally, in nanoseconds.

What troubles me most about the term cyber-warfare particularly, is the inference that ‘all things evil’ to computer – IT system(s) originate from afar, that is, they are state sponsored or the product of growing numbers of organized and sophisticated non-state actors, i.e., legacy free adversaries.

Let’s be clear however, I am not questioning whether either of these characterizations are regular, if not the primary initiators, as there is ample evidence (anecdotal and otherwise) that is the case.

The attention and alarms government agencies particularly sound regarding cyber threats and cyber warfare are warranted and I seek not to dispute nor diminish their significance.  After all, the adverse cascading havoc to any nation’s infrastructure created by a single offensive cyber strike-attack, we must recognize, could be incalculably cataclysmic.

Obviously, there are on-going discussions – debates in c-suites globally regarding the most effective expenditure, strategy, and/or practice to mitigate, if not prevent these persistent and ever larger risks. Only the uninformed would assume such challenges will dissipate in the future.

So, among CSO’s (chief security officers), CRO’s (chief risk officers), CISO’s (chief information security officers), CIPO’s (chief intellectual property officers) and certainly legal counsel, sleep will surely be lost. Is it best to advocate your company or organization remain primarily in a defensive mode, e.g., repel, prevent, and contain?, or, independently engage in offensive and/or pre-emptive initiatives assuming such actions will produce some level of deterrence versus the sustained risk and likelihood of escalation currently experienced.

Before any company travels too far down a particular strategic path, it’s important to recognize that the U.S. is distinctive from many other countries in that most of the pillars to its national infrastructure are privately held and operated, apart from direct government control as is the case with numerous other countries.

Thus, independent action (offensive, or pre-emptive) taken by a privately held company against a specific state sponsored actor or cyber adversary would produce, as yet, unknown reactions that may well exceed an inclination to publicly expose ‘who’s doing what to whom’. From an information (intangible) asset safeguard perspective, I believe the subject is being too narrowly framed and perhaps overly influenced by broader cyber security – warfare perspectives.

By continuing to frame computer-IT security in ever broader contexts, i.e., cyber security and cyber warfare, little or no space remains to recognize companies’ mission critical, sensitive, proprietary, and competitive advantage intangible asset-based information routinely still exist in formats other than electronic ‘ones and zeros and bits and bytes’.

I am certainly not suggesting the prevailing perception regarding the origins of adversaries, cyber attacks, and cyber warfare is misguided.   Instead, I am suggesting, such perceptions and the accompanying expenditures and strategies give short shrift to the…

economic fact that 80+% of most company’s value, sources of revenue, and ‘building blocks’  for growth, sustainability, and profitability today lie in – evolve directly from intangible assets e.g., intellectual property, competitive advantages, brand, reputation, and intellectual, structural, and relationship capital. 

Thus, the value, profitability, and competitive advantage, etc., rightfully developed and owned by a company is not exclusively housed in a computer or IT system and therefore not exclusively vulnerable to cyber attacks or cyber warfare.

Too, information asset safeguard policies and practices dominated by an IT or cyber (risk, threat) orientation tend to minimize the reality that most companies today operate in an extraordinarily fast-paced, competitive, and predatorial knowledge-intangible asset based global economy.  In this irreversible global environment, information (intangible) assets are developed, acquired, used, and disseminated in extraordinarily short time frames.  Endeavoring to safeguard or secure these assets, in my view, should not be exclusively conceived or practiced solely through an IT – cyber security lens.

Instead, responsibilities for safeguarding valuable information (intangible) assets should be embedded in (asset) developers-owners-users respective orientation, ethic, and enterprise culture. The reason is, there is consistent and irreversible rise in intangible asset intensive and dependant companies in which information assets exist not solely as conventional tangible assets, rather as intangible assets, i.e., intellectual, structural, relationship, and competitive capital, etc.

As information (intangible) asset safeguard specialists know all too well, variations of a company’s – organization’s proprietary – sensitive business information is often prone to percolatating throughout an enterprise making it challenging to definitively restrict, confine, or limit its accessibility solely to conventional IT products, i.e., laptops desktops, or ‘the cloud’.  Again, it’s relevant to recognize that intellectual (structural, relationship, and competitive) capital seldom, if ever can be wholly concentrated in electronic ‘ones, zeros, or bits and bytes’.

Similarly, information safeguard policies and practices supported by a presumptively superior IT – cyber security system-program, can be misleading. For example, if a company installs – executes a new IT-cyber security system is proclaimed it to be effective, presumably then, a company’s proprietary information is secure, seldom becomes the reality which the company aspired.  In today’s aggressively predatorial global business transaction environment eager to acquire actionable intelligence that translates into lucrative competitive advantages, that is a message no company should, even inadvertently, be communicating.

 (This post was inspired by NPR’s Tom Gjelten’s three part series on cyber attacks and cyber warfare, February 11th, 12th, and 13th, 2015 on Morning Edition.)

Reputation Risks: What Influences Consumers and Stakeholders To React?

June 5th, 2015. Published under Reputation risk.. No Comments.

Michael D. Moberly   June 5, 2015   ‘A blog where attention span really matters’!

‘I really don’t know’ is my answer to this question. And, I should note that I am variously dubious of most who, for whatever reason, deem it necessary to say otherwise. That said, I trust my candid response does not deter further reading.

My rationale is, there are numerous sociological, psychological, economic, personal convenience and availability of equal or greater alternatives that play varying roles in how, why, or if consumers – stakeholders will react and if so, whether such reactions may be felt economically, in supply chains, or as diminution of competitive advantages.

I am writing this post in the early morning of June 4th. During the late afternoon of June 3d, a proposed class action lawsuit was filed in a Manhattan federal court by four former employees of CVS who presumably held loss prevention positions. They claimed their superiors had ordered them to track minority customers which, as most know, translate as requisites to racial profiling which they voiced objections.

What prompted me to write about this specific event, among others of equal or greater import, is that NPR (Morning Edition) presented a 3 minute and 3 second segment about the CVS lawsuit which I then read about it in greater detail at Reuters.com where the story originated.

The lawsuit (Simpson v. CVS Pharmacy Inc, U.S. District Court for the Southern District of New York, No. 15-cv-4261) included the possibility that these plaintiffs may soon be filing a companion complaint with the EEOC. Should this occur, it would presumably allow plaintiffs to add more claims to their ‘federal’ case. I do not know whether CVS acquired a ‘heads up’ to the filing of this suit, but I suspect, with confidence, they did. Regardless, Carolyn Castel, a spokesperson for the Rhode Island based CVS Health Corporation, said ‘CVS was shocked by the lawsuit and would fight the claims’.

While I cannot presume to speak for CVS customers and stakeholders, I have come to be receptive to the ageless adage ‘if-where there is smoke there is usually fire’. My receptivity to this adage is embedded in multiple years of serving in various administrative capacities which, when adverse rumors, accusations, or innuendos came to my attention, I accepted a responsibility to engage each in a discreet follow-up to assess their voracity.

One can make the case that there are fewer business risks, when they may materialize, e.g., allegations that carry even the slightest adverse messaging can manifest as genuine reputation risks.

I, like numerous colleagues in the intangibles arena, listen to and/or read about the same company – management missteps and miscues in media (news) outlets charged with securing 24×7 content, which I suspect can render them receptive to portraying ‘news’ events in contexts with potential linkage to other events or imageries.

Ironically though, I seldom hear events which are clear predicates to potentially significant (company) reputation risk, not being characterized in the mainstream and/or social media conveyances as such. This, I remain particularly curious.

Media accounts are uncharacteristically absent language-narrative that reports the potential for reputation risk to arise even though growing numbers of adverse events that materialize produce some level of reputation risk fallout to the victim – targeted company before there has been a rebuttal or rational discussion as to its merits or truthfulness.

I am not suggesting the media standing alone are the instigators or precipitators of reputation risk to private sector firms but, to be sure, media characterizations do play a role in terms of how events are characterized for viewers, readers, and listeners, i.e., consumers and stakeholders.

Questions unanswered…

 

Cyber Attacks Mutually Assured Disruption of Intangible Assets!

June 3rd, 2015. Published under Cyber security, cyber warfare., Intangible asset protection. No Comments.

Michael D. Moberly   June 2, 2015   ‘A blog where attention span really matters’!

Throughout the 1960’s, there was consistent reference by governments and defense sectors’ about MAD (mutually assured destruction), i.e., each side possessing sufficient nuclear ‘mega-tonnage’ to assure mutual destruction of the other, should war breakout.

A similar analogy is evident today, but its origins do not lie in the delivery of nuclear weapons rather in the delivery of massive cyber attacks designed to simultaneously take down and/or substantially disrupt multiple pillars of a targeted countries’ infrastructure, ala MAD – ‘mutually assured (sector, grid) disruption’!

On the morning of September 11, 2001, I and countless others presumed the aircraft strikes in New York and Washington were diversionary, as tragic as they were, to be followed by massive cross sector cyber attacks. My anger and curiosity that a cyber attack was imminent prompted me to call acquaintances employed in various sectors throughout the U.S., one of which was the director of a top tier research university’s ‘super-computing’ center. My rationale was that a super-computing center would likely be an initial point of detection to a larger cyber attack should there be one in the offing. To my disillusionment, such a rationale was in error, at least in this instance.

The capability to thwart, mitigate, or contain the asymmetric and adverse cascading effects that a coordinated cyber attack would likely be designed to produce presents obvious challenges and creeping costs insofar as companies and organizations keeping pace with the infinite risks and threats which can seemingly materialize anytime and anyplace with no vapor trail, to maximize the intended infrastructure disruption and chaos.

I suspect there are management teams, c-suites, and boards, ranging from Fortune ranked firms to SME’s (small, medium enterprises), which have already engaged in discussions regarding the practicalities and costs of continuing to deploy state-of-the-art cyber attack – risk mitigation (data-information security) products.

There are two related reasons why I believe such discussions are inevitable…

  • it is a globally universal and irreversible economic fact that rising percentages, 80+% of most company’s value, sources of revenue, and ‘building blocks’ for growth, profitability, and sustainability lie in – evolve directly from intangible assets, primarily in the form of intellectual, structural, relationship-social and competivity capital.
  • data/information generation, storage, and retrieval needs are continually ratcheting up to the mega-terabyte arena, particularly with the rapid recognition and rise of intangible asset intensive and dependant companies.

To be sure, efforts to thwart the actions of the growing global array of ultra-sophisticated economic and competitive advantage adversaries and legacy free players engaged in hacking and/or state sponsored entities capable of delivering massive cyber attacks are challenges which, at this juncture, cannot be dismissed or relegated to the uninitiated.

I am not suggesting companies disregard their fiduciary responsibilities or regulatory mandates.  Instead, I am suggesting a company’s desire to curtail the rising costs and operational disruptions associated with investing and deploying all-the-more nuanced IT security products that deliver consistent and measurable returns, technologies must be developed with capabilities to differentiate company information and data on a variable continuum. For example, introducing the capability to differentiate data-information that should receive the maximum safeguards, which initially I propose, encompass these four factors, i.e., the (intangible) assets…

  1. contributory value to a particular project, product, and/or the company’s mission.
  2. continued materiality to a particular project, product, and/or the company’s mission.
  3. relevance to a company’s reputation (image, goodwill, brand) etc.

Insider Threat Continuum

June 1st, 2015. Published under Insider Theft of IP and Intangible Assets, Insider Threats. No Comments.

Michael D. Moberly   June 1, 2015   A blog where attention span really matters!

In the information asset protection community, there’s an adage, or perhaps more aptly characterized as an anecdotally rooted ‘rule of thumb’, the ’20-60-20 rule’ that still carries a timely relevance since it initially caught my attention some 25+ years ago. Through my lens, this represents a reasonable and plausible characterization of the persistent ‘insider threat’ which I endeavor to explain below.

Group 1 – 20% of the people we work with…are inherently honest and possess consistently high levels of (personal, professional) integrity.  It’s quite unlikely individuals in this initial 20% would be influenced, inclined, or could be persuaded to engage in unethical or dishonest behaviors, acts, or violations of a company’s security or information safeguard policies or practices.

In other words, for these individuals there would be little or no concern they would be engaging in misappropriation – theft of proprietary information, trade secrets, or monetized elements of intellectual property (IP)..

Group 2 – another 20% of the people we work with…function at the opposite end of this continuum of honesty – integrity.  For these individuals, when their already thin sociological – psychological veneer is peeled back, it’s likely to reveal an inherently dishonest, unethical, and misguided persona with little, if any, sense of personal – professional integrity, or employer loyalty with respect to complying with company policies or government laws/regulations related to obligations for safeguarding proprietary information, trade secrets, or IP.

Too, these individuals would likely be receptive (have the internal propensity, proclivity) when certain opportunities avail or influencers are present to engage in unethical – illegal acts, i.e., theft or compromise of valuable, mission critical, and competitive advantage information (intangible) assets.

Group 3 – then there’s the 60% of the people we work with who are essentially ’in the middle’, that is, they do not (overtly) demonstrate any particular receptivity or proclivity to engage in dishonest, unethical, or illegal acts or behaviors that would purposefully put their employers proprietary information, trade secrets, or IP at risk or in jeopardy. In other words, these individuals are likely to be honest and ethical.

There is a disappointing and frustrating nuance to Group 3 however. That is, anecdotal evidence which suggests individuals functioning at the fringe of this group, i.e., closest to Group 2 on the continuum, are recognizing the persistent overtures from external entities engaged in solicitation-elicitation initiatives to misappropriate or publicly leak their employers’ proprietary information assets.

This phenomenon is particularly worrisome…to information safeguard specialists on many levels, one of which is that such (highly personal and embedded) proclivities – propensities may be unknown at the time of hire, i.e., go undetected – unobserved in conventional pre-employment screening and interview processes. In current parlance, they may be unwitting sleeper’s who’s adverse proclivities may be awakened and influenced at some future point by the employee’s interpretation-assessment of…

  • their employer’s reactions and sanctions imposed on those caught violating company information safeguard practices and policies.
  • the degree, level, and consistency of monitoring which their employer engages relative to safeguarding its proprietary information, IP, and trade secrets.
  • the persistence of external advances and their potential lucrative outcomes.

Admittedly, there is nothing particularly scientific or legally defensible…regarding the 20-60-20 perspective, other than to say it probably evolved from well intentioned ‘anecdotal guesstimates’ and observed incidents. Regardless, those finding relevance in this phenomenon, does draw, and properly so, our attention to the persistent and very costly challenges presented by ‘insiders’, whomever they may be, and the necessity for more effective pre-employment screening and regular monitoring.

One rather practical approach to addressing such insider challenges can be attributed to the always forward looking Esther Dyson, when she remarked, ’it’s not about counting the number of copies anymore, rather, it’s about developing relationships with employees and users’ (who can access the proprietary – competitive advantage information that necessitates safeguarding).

I suspect Ms. Dyson may not be familiar with the ’20-60-20 adage described here and its relevance to the hyper-competitive, aggressively predatorial, entrepreneurial spirited, and winner-take-all global business transaction environment.

But, there is practical reality embedded in Ms. Dyson’s remark, at least in terms of ‘people we work with’ and their propensity – receptivity, at some point in their career, not just their first week of employment, but, after undergoing various ‘snap-shots-in-time’ pre-employment screenings, to engage in adverse acts!

While most of my operational familiarity with ‘insiders’ is a direct result of personal experiences, I respectfully attribute some of my current thinking and approaches for addressing this persistent challenge to the excellent work-research consistently produced by PERSEREC (Personnel Security Research Center, DoD) and Carnegie Mellon’s CERT unit.

Trust, Reputation, and Value Propositions

May 22nd, 2015. Published under Company culture and reputation., Value Propositions. No Comments.

Michael D. Moberly   May 22, 2015    ‘A blog where attention span really matters’!

Trust between employers and employees and companies and customers (clients, consumers, etc.) is an essential and very relevant IA (intangible asset) to most company’s profitability and sustainability, irrespective of sector. Through my lens, at least in business contexts, trust is embedded in – translates as relationship capital and reputation, additional key IA’s, and, as such, play increasingly significant roles in articulating, materializing, and sustaining a company’s value proposition. But trust, like many other ‘business’ terms, are frequently prey to individualized definition and translation.

Sarcastically, when I see – hear one, in a leadership role, take a podium to evangelize about the importance of trust, I find it prudent, to recognize who, for what purpose, and the context in which they are endeavoring to characterize trust. In other words, I often find expressions of trust to be circumstance and/or context specific, but sprinkled with sufficient commonalities tantamount to self-serving glue that allows the definition to retain a semblance of palatability.

Trust, like numerous other business terms, is receptive to being defined in a manner that reflects a speaker’s circumstance to casts them in a preferred (positive) light vis-à-vis their customers, clients, superiors, and/or consumers, something which I would advise Barclays, Citigroup, J.P. Morgan, and the Royal Bank of Scotland, aka “The Cartel” to not try waste resources to argue, for some time, once again.

Aside from the financial services sector, many of us remain inclined to feel that someone whom we presume possess perspectives and values similar to our own can, and should be worthy of our trust. Thus, we would likely be receptive to their overtures. More specifically, when I am engaged with individuals, in business and IA management-safeguard initiative, whom there there is evidence of shared commonalities, it’s likely I will be inclined – receptive to feeling they have my interests in mind.

That sense of course, emanates from another assumption which is, one’s present – past experiential commonalities serve as emotional entrées to trust. One might go so far as to suggest when we are surrounded by people whom we believe are like us, there will be a reciprocating inclination of trust.

Trust is a feeling, and thus a distinctly human experience says Simon Sinek. But, merely doing everything one has expressed – been interpreted as a promise you would do, does not robotically mean people will trust you. Instead, it more objectively translates that you may be reliable. To drill down further on this, most of us have friends who, by reasonable standards of assessment, could be characterized as not being particularly reliable or trustworthy, yet, because they are like us, we are inclined to trust them and remain friends, claims Sinek.

Trust is important because, when one is in the presence of individuals with shared beliefs, we are more confident – receptive to engage in some level of risk taking, experimentation, or exploration which, it’s likely we would not be inclined to do otherwise. After all, our personal – professional survivability and sustainability are, arguably dependent upon our ability to surround ourselves – serve with others with shared beliefs!

(This post evolved from NPR’s ‘Ted Radio Hour’ that aired on May 15, 2015, hosted by Guy Raz with a segment conducted by Simon Sinek, an adjuct to RAND Corporation.)

Intangible Assets in B-School Curriculum

May 14th, 2015. Published under Intangible asset teaching and training., Intangible asset training for management teams.. No Comments.

Michael D. Moberly    May 14, 2015   ‘A blog where attention span really matters’!

The absence of intangible assets in B-school curriculum is tantamount to business education heresy. Some years ago, while preparing to teach a management course, I framed and sequenced course materials to reflect my determination and eagerness to introduce MBA students not merely to IA’s, but strategies related to managing them, mitigating risks, sustaining ownership, and understanding their competitive content and contributory value.

It’s essential IA’s be incorporated as teaching-learning elements to b-school’s undergrad and graduate programming, if, for no other reason than steadily rising percentages (i.e., 80+%) of most companies’ value, sources of revenue, and ‘building blocks’ for growth, profitability, and sustainability evolve directly from these non-physical asset class, particularly, intellectual, structural, and relationship capital, brand, reputation, goodwill, competitive advantages, and intellectual property, etc.

Upon commencing this MBA course, I quickly introduced students to intangible assets and affirmed they would be integral learning objectives to the course. Just as quickly, it became clear, with one exception, that, for even the most experienced and employed students, intangible assets were not part of their lexicon, repertoire of talent, or skill sets, save for one student who did acquire a limited, but far from operational familiarity for specific types-categories of intangible assets once they were pointed out. But that familiarity was generally limited to intellectual property (patents primarily), reputation, and brand.  Student generally characterized    intangibles in standalone – individualized contexts, not reliant on or connected to other company assets.

End of course teaching assessments coupled with student responses to essay questions related to intangible asset issues revealed challenges remained, particularly achieving a sufficient (operational) grasp of intangibles in several key areas, e.g., how…

  • IA’s could be subject to a collective framework of (asset) management, stewardship, and oversight.
  • to recognize and assess IA’s contributory value (to a company, a particular product, service, or other broader initiative.
  • to distinguish particular IA’s as contributing to – being drivers of specific  sources of revenue, and
  • the assets’ could be persistently vulnerable to various and asymmetric risks which, once materialized, would erode and/or undermine company value, the benefits of competitive advantages, (company, product) reputation, and new product launches, etc.

Respectfully, IA’s represent a variously challenging concept to grasp and apply in value-add, revenue generation, monetization, and exploitation contexts, to name just a few.  As for this course, I sensed then, and still do, that an important conceptual hurdle to understanding intangible assets along with achieving some level of operational familiarity, may reside in the word ‘intangible’.  That is, IA’s lack a conventional sense of physicality, unlike tangible (physical) assets which one can see, touch, and report on balance sheets and financial statements.

Again, respectfully, this was, for these MBA students, their initial introduction to IA’s. In part, their lack of familiarity is a reflection of shortcomings in the larger business community that still struggles with how to effectively and efficiently engage and utilize the intangible assets their company – organization produces or acquires.

As the nine week course progressed, a significant percentage of the students appeared to concede the role, function, and contributory value of intangible assets.  It’s worth noting, one student with an especially progressive career in financial services, clearly conveyed he was grasping IA’s, however, he consistently challenged, even resisted the positive spin I was endeavoring to espouse regarding the relevance and contributory value of intangible assets across all industry sectors.

This particular student articulated his reticence by describing numerous multi-million dollar loan and acquisition transactions which he personally oversaw, throughout which there was absolutely no mention, recognition, or accounting of intangible assets being in play, in either valuation, collateral (securitization) or due diligence contexts.

At the conclusion of the last class, this student said to me in a respectful, yet very definitive tone…”I understand what you’re saying Mr. Moberly about IA’s, but I just don’t see IA’s ever becoming an issue in my bank as you are suggesting they should and will, at least while the current (bank) officers remain in place. In my bank, it’s solely about identifying and assessing the value of physical assets as collateral”.

Of course, the point to all of this is, does the same attitude and perspective hold true for business management teams, c-suites, and boards, in general?  To be sure, attitudes toward and fundamental operational familiarity with IA’s is changing as the economic fact – business reality becomes clearer, i.e., 80+% of most company’s value and sources of revenue emanate from IA’s.

Introducing intelligent, seasoned, and already successful business decision-makers, boards, and management teams to intangible assets, and that the time they devote to learning about intangibles, their valuation, and strategies to effectively use and extract value from them, along with the necessity to safeguard and monitor the assets’ value, risk, and materiality are indeed worthy of their time. Unfortunately however, intangible assets remain somewhat of a hard sell!

 

 

 

 

Risk Tolerance – Appetite: Where Does Your Company Stand?

May 12th, 2015. Published under Organizational resilience and business continuity/conti. No Comments.

Michael D. Moberly    May 12, 2015   ‘A blog where attention span really matters!’

In my corner of the business world where 80+% of most company’s value and sources of revenue lie in – evolve directly from IA’s (intangible assets), it’s routine for me to cross paths with very astute, experienced, and financially successful company management team members (c-suites). Somewhat ironically, at least through my lens, many quite cavalierly express the view that it’s impossible to eliminate all (business) risk. I have come to interpret, quite correctly I believe, that mantra is symbolic of the subjective manner in which many c-suites treat risk.

My response to such views is usually to politely hedge a little by suggesting it is possible to mitigate a large percentage of most business’ risk! However, and here comes the hedging part, the resources a company may have to dedicate – reallocate to a (risk) mitigation initiative, and the resulting restrictions, subjective as they may be, would likely be embedded with some untenable impracticalities.

Regardless of how subjective risk mitigation may be, at least how I see it being practiced. Few organization decision makers would knowingly assume risk mitigation practices that would…

  • impede operation effectiveness and efficiency or disturb the flow and integration of IA’s,
    • particularly intellectual, structural, relationship, and competitivity capital.

Any company doing so would rapidly find its viability, profitability, and sustainability substantially undermined, if not ‘go to zero’, unless of course, those assets were transferrable.

Through my lens, there are a significant, but actually unknown percentage of companies in which their tolerance – appetite for risk…

  • varies over time and is often circumstance – transaction specific, i.e., influenced by…
    • the products – services a company produces, delivers, and its target customers.
    • the perceptions – beliefs held by c-suites and boards regarding business risk climate.
    • a prior adverse experience or shared anecdote from another company.
    • the manner and locations in which a company interacts with – engages its primary markets, i.e., customers, supply chains, and myriad stakeholders.

According to Dr. Marc Siegel, a globally respected organizational resilience specialist, there are ways to measure and assess a company’s tolerance – appetite for risk. Most, Siegel says are dependent on their

1. Experience, e.g., the confidence level held by company management teams’ acquired largely through their familiarity with current and over-the-horizon risks, coupled with their (perceived) capabilities to effectively manage (prevent and/or sufficiently mitigate) such risks.

 2. Resiliency – e.g., if or when a significant (business) risk materializes, are there policies and practices in place to (a.) mitigate – minimize the criticality produced by the risk, and (b.) rapidly return the company to a state of operational and financial – revenue normalcy in a reasonable time frame before risk resiliency is irreversible. Achieving such a desired level of risk resiliency includes minimizing the fragility and vulnerability of company’s – business unit’s intangible assets, particularly intellectual, structural, relationship, and competitive capital for the duration of the risk event.

A related question I routinely pose to management teams, focuses on how they (presumably) achieved consensus to accept or tolerate particular levels of risk relative to a specific transaction, new venture, strategic alliance, etc.?  The answer is frequently some variation to the proverbial…

‘risk is an inherent feature of doing business and all successful business persons are inherently risk takers’.

I approach business risk a little differently in terms of understanding why and how I may respectfully influence management teams, boards, and c-suites, already inclined to have a greater appetite for – tolerance of certain (business) risks and not others. I find it’s frequently due to…

  • types and levels of risk are subjectively measured – assessed to be low, in terms of vulnerability and probability, but extraordinarily high in criticality,
    • making the cost of mitigation, i.e., risk transfer, etc., exceed potential (prospective) benefits, thus self-insurance or elevated tolerance for risk appear to be the prudent, near term option.
  • the asymmetric nature of business risks, i.e., their magnitude, frequency, criticality, and cascading potential, while factoring the type of product or service a company produces, is beyond the capabilities of most to consistently prevent or mitigate.
  • companies’ anticipated – projected business opportunities associated with assuming a certain level of risk, outweigh risk exposures to the point that a management team can justify – rationalize executing a particular transaction or new initiative and therefore assume a substantial portion of the risk.

(This post was inspired by the work of Dr. Marc Siegel and his work related to organizational resilience on behalf of ASIS International.)

Competitive Intelligence Zeroing In On Company’s Intangible Assets…

May 8th, 2015. Published under 'Safeguarding Intangible Assets', Economic Espionage. No Comments.

Michael D. Moberly   May 8, 2015   ‘A blog where attention span really matters’.

Competitive (business) intelligence is alive and well and it’s certainly not all cyber-based even thought there is an abundance of off-the-shelf data mining software available that mitigates the tediousness and time associated with conventional approaches to business intelligence collection.

Perhaps what concerns me most has been the continued expansion of ‘legacy free players’ (Thomas Friedman, ‘The World Is Flat’). My definition of ‘legacy free players’ is quite similar to that of Mr. Friedman’s, that is, these individuals/groups may not be necessarily aligned with or employees of nation state sponsors which are frequently technology dependant and sophisticated, or even organized units/cadres of economic spies. Instead, ‘legacy free players’ are, for the most part, independent operators or groups of individuals whose country of origin and cultural perspective about honoring the proprietary information originated by – belonging to others is a relatively new concept insofar as respecting personal, let alone intellectual property rights. In other words, there is an absence of legal, social, or cultural legacy to others’ properties of the mind, i.e., intellectual – human capital.

Setting that aside for the moment, of all the business leaders and management team members I have had the good fortune of conversing over the past 25+ years, when I introduce the subject of competitive intelligence, a substantial percentage of the time, their initial response is embedded with favorable rationalizations ranging from…

  • everybody does it, to
  • one is foolish if they don’t engage in some manner of competitor – business intelligence.

I am aware of no original research – objective data to indicate such characterizations are as accurate as business leaders assume, based on my many years of work-research in this arena, one would be well advised to consider the consistency of the responses suggest a significant percentage of businesses regularly engage in some level – form of competitor-business intelligence.

While their (intelligence) collection and analysis techniques may not be as sophisticated, analytical, or strategically oriented as those conducted by the countless private (independent) competitor intelligence firms operating globally, the information targeted and collected usually provides business decision makers with useable prognosticative insights variously related to the plans, intentions, and capabilities of competitors, i.e., what they are doing, have done, or, are about to do!

Simply stated, I find the adverse affects (of competitor – business intelligence) usually materialize in one of four ways, that is, the purpose, intent, and/or objective are to…

  • undermine, erode, stifle, and otherwise get ahead of a competitors’ initiatives, competitive advantages, market position, and strategic planning.

Any company’s efforts to counter or mitigate the very real adverse affects of competitor intelligence begins with understanding one’s own company’s IA’s (intangible assets).  This means recognizing that IA’s comprise increasing percentages – 80+% of most company’s value sources of revenue and ‘building blocks for growth, profitability, and sustainability! More specifically, IA’s are the real drivers – underliers to company’s value and sources of revenue which are precisely what competitor-business intelligence operatives are seeking, whether, I might add, they actually realize it or not!

Six Reasons Why Business Leaders Are Hesitant To Engage Their Intangible Assets?

May 7th, 2015. Published under Analysis and commentary, Managing intangible assets. No Comments.

Michael D. Moberly    May 7, 2015   ‘A blog where attention span really matters’!

We’re well into the 21st century and the contributory role IA’s (intangible assets) consistently play as value, revenue, and competitive advantage generators, is recognized at the 5,000 foot elevation among business communities globally, but, there is little corresponding evidence that business leaders are actually engaging their IA’s.

At the 5000 foot level, it’s a well known economic fact – business reality that steadily rising percentages, i.e., 80+%, of a most companies’ value and sources of revenue emerge directly from IA’s.

THE question is, what factors are being assumed by business leaders that influence substantial numbers to dismiss, disregard, and otherwise over ride this economic fact – business reality even though engaging their IA’s could benefit their company in numerous ways.

Frankly, I sense no particular urgency, among the leadership of the U.S., and perhaps global business communities to willingly engage their companies IA’s in strategies to maximize and extract as much value and revenue as possible.

Cutting to the chase! I, like other national – international voices advocating greater recognition and utilization of intangible assets, meet with astute, intelligent, and extraordinarily talented and successful business leaders who are apt to use sophisticated techniques to schedule employee work schedules to minimize overtime pay, but, mention the words intangibles or intangible assets and eyes glaze over!

Equally puzzling is, why aren’t these business decision makers acting on this factual, irrefutable information, whether it comes from blog posts like this or other ‘higher’ sources?  Why are these sources of – contributors to organization-wide value and revenue which are literally‘ within hands reach’ being overlooked, neglected, or, in some instances, dismissed outright?

In part, the lack of business leader enthusiasm for intangible assets can be attributed to…

  1. accountant’s governed by law and practice standards, have no particular motivation or obligation to delve too deeply in clients’ IA’s other than what is attributable to goodwill.
  2. faux strategic planning which is more akin to near term – quarterly-based projections that preclude discussions regarding IA utilization or monetization…
  3. ill-informed inclination to assume – characterize IA’s as being synonymous with IP (intellectual property), which serves as rationale for business leadership to attach little relevance because IP matters are contextually structured to be legal only.
  4. self-deprecating assumptions by some business leaders, irrespective of their success, that their company neither produces nor possesses any valuable – competitive advantage intangible assets, worthy of the time and expense to identify and assess.
  5. intangible assets absence of physicality, i.e., having no tangible or conventional physical presence.
  6. presumed consultants’ who inappropriately, and perhaps unwittingly, characterize the identification, unraveling, assessment, and extraction of value, revenue, and competitive advantages from intangible assets as being too complicated, time consuming and producing little ROI.

Understanding and taking affirmative steps to maximize and extract as much value and competitive advantages as possible from the IA’s a company develops, is not rocket science, it’s just good business!

Monetizing Intangible Assets Produced By Police Cultures’

May 5th, 2015. Published under Investing in intangible assets., Value Propositions. No Comments.

Michael D. Moberly   May 4, 2015   ‘A blog where attention span really matters.!

I am confident an experienced business person who possesses an operational familiarity with intangible assets…could devise a viable and mutually receptive strategy to ‘monetize’ un-used, under-used, or ineffectively used IA’s (intangible assets) emanating from public service – policing cultures.

This suggestion is not a poorly disguised twist for continuing to utilize traffic citations as sustaining a revenue pipeline for municipalities…Instead, when it comes to policing and the variously nuanced operational cultures that quite naturally, yet invariably evolve, there remain a percentage whose mission statement and culture emanates from a conventional – time honored ‘protect and serve’ model or some variation. Unfortunately, the ugly realities of some police cultures have surfaced in Ferguson, Cleveland, Baltimore, and other cities over the past 9-12 months. Citizens have witnessed the rudderless ambiguity of such presumptive branding that is, at minimum we find to have become irreconcilably disconnected from its citizen consumers.

The ‘protect and serve’ models have their origins in another period of U.S. law enforcement reformation which commenced in the early 1970’s following the deeply rooted tensions embedded in urban areas throughout the U.S. which sparked hard and tragic lessons which it is certainly not rocket science to draw valid comparisons to what has been witnessed of late. To suggest otherwise is to ensure repetition is just another generation away.

The objective here is to not ‘naval gaze’ on the actions of a few, remove them and quickly, but translate the principled actions of the vast majority…into policing intangible assets that deliver – generate value to citizens and their communities and neighborhoods on many levels. In most instances the assets, intangible as they are, can be individually or collectively ‘monetized’ as internal pride and external responsibility – attractivity for infrastructure investments.

Let’s not delude ourselves that policing ‘brand’ which has been revealed in such public ways, particularly since August, 2014, will not be ‘re-branded’ easily or quickly. Citizens are far to realistic and savvy for that. Here, time and constructive and affirmative action and behaviors are the predicates to effective and meaningful (culture) re-branding.

Now please, bear with me while I explain what I mean by ‘monetizing’ police culture…yes, I am an advocate of genuinely exploring strategies for ‘monetizing’ communities’ IA’s produced by normative cultures, but, such initiatives have two key components, i.e., they require…

  • leadership and foresight to recognize the intangible economic – competitive advantage benefits that will accrue to communities that execute well defined and normative (public service and public safety) cultures, and
  • understanding about how to effectively exploit those assets for their value-add features, i.e., community-neighborhood reputation, goodwill, image, and existing and prospective user attractivity, etc.

Specifically, public safety departmental cultures can be legitimate and exploitable (IA) catalysts to illustrate a community – neighborhood record of consistently safe, receptive, inclusive, and an otherwise attractive locale worthy of investment(s) in business, education, property value, and the critical symbolism framed by ‘we care what happens’!

A starting point is recognizing that in most instances, an organization’s culture is a verb, not a noun…in other words culture development and maintenance requires action, leadership, and consistent monitoring in order for a normative (police) culture to materialize and become self- sustaining.

Public safety department cultures are nothing particularly new…they have existed for generations. In the present context however, once a culture of like-minded individuals (employees) band together for reasons other than professional camaraderie, problems and challenges are all but sure to follow!

For a myriad of reasons and rationales, some individuals are compelled to seek out and band together with other like-minded individuals for defense, mutual support, or to accommodate a felt or acquired personal need which in turn, may manifest into an accumulation of very personalized IA’s, i.e., reputation, image, perceptions, affiliations, intellect, capabilities, fears, etc. In these circumstances, a cultures’ rationale sometimes intensifies prejudice and xenophobic attitudes antagonistic toward particular groups of citizens, i.e., racial, ethnicity, etc.

Organizational cultures, and the sub-cultures either can spring are often intertwined collections of IA’s embedded in individual – group sociology and psychology…the product and presence of which may be the product of perception or direct observation, i.e., as sets of actions or inactions which either adhere to or disregard social norms, departmental policies, or the law.

Long before there is evidence that an organization’s culture has gone ‘off its rails’ by deviating from its core, police leadership have an obligation to take action to modify it, ensure its return to a true state, and then monitor it…which are, in essence, fiduciary duties – responsibilities for taking the necessary steps to re-direct that subcultures’ rationale and monitor it for assurance and compliance.

Of course, when a (sub-) culture of negativity becomes rooted in – receives its spirit from higher echelons of a departmental or city administration, the positive actions and interactions of an individual officers can seldom sufficient to favorably influence the whole or quickly reverse what individual ‘bad actors’ may have already done.

In those instances, my counsel to good officers is to resign yesterday and seek employment in departments with leaders who recognize the all important but often unrecognized IA’s officers bring and deliver to each shift.

Integral to any prescription for reclamation – reversal of an already adverse (police) culture, is recognizing…that police are routinely the quintessential first responders to community and neighborhood challenges, particularly where there has already been multi-generational neglect and dismissiveness which can cascade into adjacent areas. It’s reasonable to conclude then, adverse police cultures are often products of a generation of mutual disintegration of trust which spark persistent antagonism and tension.

Ironically, circumstances like this and become entrées and rationales for collaborative culture leadership…by putting in place (oversight, monitoring, and assessment) practices which respect a community’s socio-economic circumstances.

But, cultivating a normative organizational culture for policing and public safety…requires principled and thoughtful leadership, wisdom, time, and the intellectual curiosity to recognize factors that influence culture development and sustainability. There are ample (anecdotal) indicators that ‘good to great’ leaders are concerned about it, pay attention to it, endeavor to achieve it, and realize it’s important to monitor it. After all, there is no one-size-fits-all or snap-shot-in-time methodology to repair or develop a proper organizational culture that fully matures overnight.

Seldom can positive organizational cultures be wholly replicated elsewhere by a competitive organization…admittedly the term competitor may appear more relevant to private – for profit sectors rather than police – public safety departments

Through my lens however, the community wide competitive advantage deliverable by public sector (policing) entities particularly those serving urban, lower socio-economic communities and/or neighborhoods experiencing gentrification.

Again, as a long time intangible asset strategist and risk specialist, I am confident, city administrators would find it beneficial to explore how their public service and public safety cultures’ can materialize to produce valuable and sustainable competitive advantages.