Archive for 'Systemic Risk'
Systemic Risks, Intangible Assets and IP…
May 8th, 2012. Published under Enterprise risk management., Fiduciary Responsibility, Systemic Risk. No Comments.
Michael D. Moberly May 8, 2012
The term ‘systemic risk’ has a relatively long history. Its revival, in terms of becoming the presumably focus-grouped explanation for the calamities of the financial services sector beginning in early Fall, 2008 has now come to be embedded in business lexicon to represent a broad cross-section of risk.
The subsequent wide spread use of ‘systemic risk’ in legislative (House, Senate) committee hearings wherein testifying cabinet secretaries, legislators, regulatory agency heads, and financial service c-suites routinely evoked the term (systemic risk) as part of their narrative for explaining (a.) how – why financial institutions and the financial services sector were literally unraveling, (b.) the intertwined elements of the now globalized financial system, and (c.) the underlying rationale for the notion of ’too big to fail’ which eventually prompted the TARP (bailout) provisions.
One of the better understood definitions of systemic risk, in my view, is one provided by Steven Schwarcz of Duke University School of Law wherein he described it (systemic risk) as ’the probability that cumulative losses will occur from an event that ignites a series of successive losses along a chain of (financial) institutions or markets comprising a system’.
Another, but, admittedly, cherry picked definition of systemic risk is provided by BusinessDictionary.com wherein it defines systemic risk as ’the probability of loss common to all businesses, and inherent in all dealings’. In other words risk that cannot be circumvented or totally eliminated.
A commonality embedded throughout the various definitions of systemic risk is the concept of a (preceding) ‘triggering event’. A triggering event is one that causes (internal, external domino or cascading types of) consequences, usually adverse, e.g., loss or undermining of a company’s competitive advantages, asset value, market position, reputation, brand, image, goodwill, supply chain, stakeholders, etc.
In the case of companies with fairly intensive portfolios of intellectual property and other forms of intangible assets, triggering events could include (a.) theft, misappropriation, infringement, and/or premature leakage of key assets, e.g., plans, intentions, capabilities, etc., and/or (b.) significant counterfeiting or product piracy operations against company produced assets. Should anyone of these ’triggering events’ occur, it would collectively undermine or stifle asset value, competitive position, sources of revenue, and future growth opportunities, etc.
Outside the financial services sector, insofar as IP and other intangible assets are concerned, systemic risks would represent those assets cumulative risk, i.e., the vulnerability, probability, and criticality associated with, for example, theft, misappropriation, infringement, compromise, and/or premature leakage of IP and its underlying intellectual capital. Of course, loss and/or compromise of those assets are generally less containable and can rapidly and adversely cascade – ripple throughout a company and its entire chain of stakeholders.
Such adverse affects, are in my view, on the same or comparable plain as the much touted term ‘systemic risk’ and the accompanying market shocks experienced globally by the financial services sector in 2008, i.e., in the form of defaults, bankruptcies, employee layoffs, loss of markets and market share, and competitive advantages,
Several fine studies report that systemic risks (threats) to a company’s intellectual property and other forms of intangible (knowledge-based) assets lies largely with ’insiders’ along with the proliferation of extraordinarily sophisticated and predatorial data mining, information brokering, infringement, misappropriation, and counterfeiting operations that function profitably on a global scale.
The risks (threats) presented by these entities and the subsequent asset compromises that occur are persistent, asymmetric, and frequently devastating to company’s profitability, competitive advantages, and reputation, etc. Multiple respected studies consistently report that U.S. company losses of IP (largely attributed to insiders, infringement, theft, and misappropriation, etc.) range from $45 to $200+ billion annually.
True enough, the adverse affects/consequences of IP – intangible asset losses and/or compromises incurred by small, medium enterprises (SME’s) or small, medium multinationals (SMM’s), may not rise to the same ’systemic risk level’ as experienced by the likes of AIG, Lehman Brothers, or Bank of America, etc., but, they do carry adverse cascading (systemic) affects that are often equally devastating.
Collectively then, this constitutes a fairly strong rationale why company’s should engage in routine monitoring, valuation, and ’stress tests’ regarding their IP and intangible assets. The purpose of these activities if of course, to objectively and proactively determine if any (asset) materiality changes, value erosion, and/or undermining, etc., are occurring and determine if further asset hemorrhaging can be mitigated. Such exercises are now being recognized by management teams, boards, and c-suites alike, as useful and necessary ingredients to (a.) the effective stewardship, oversight, and management of their companies’ intangible assets, and (b.) avoiding costly and often times irreversible surprise will occur.
The inspiration for this post was sparked by (1.) ‘Allegiance in a Time of Globalization’ (Defense Personnel Security Research Center, Technical Report 08-10, December, 2008) and (2.) ‘Technological, Social, and Economic Trends That Are Increasing U.S. Vulnerability To Insider Espionage’ Defense Personnel Security Research Center Lisa A. Kramer, Richards J. Heuer, Jr., Kent S. Crawford Technical Report 05-10 May, 2005 International Journal of Intelligence and Counterintelligence as ‘America’s Increased Vulnerability to Insider Espionage’ (20: 50-64, 2007)
Cyber Security: It’s Not Synonymous Wiith Safeguarding Valuable Information-Based Intangible Assets!
April 24th, 2012. Published under Intangible asset protection, Systemic Risk. No Comments.
Michael D. Moberly March 24, 2012
Information asset protection and cyber security policies and practices must be collaborative and cross-functional!
The attention the private sector and government agencies give to ‘cyber threats, security and warfare’ is well warranted. There should be no question about the cascading effects and infrastructure havoc that deliberate and massive cyber attacks could create. Identifying the best strategy and/or practices companies and governments should engage to address this challenge, is, of course, where much of the debate still lies. That is, the U.S. remains somewhat distinctive from most other countries because our key pillars of infrastructure are generally privately owned and operated, apart from direct government control.
From an information asset protection practitioners’ perspective however, the narrative on such an important and potential catastrophic subject is being, in my view, too narrowly framed and perhaps overly influenced by an IT – computer security orientation. Doing so, leaves little or no recognition for protecting critical – sensitive (private sector and/or government) information that exists in formats other than electronic bits and bytes. This, seemingly prevailing, but misunderstood perception about where and how valuable/sensitive/classified information is housed and safeguarded with respect to critical pieces of U.S. infrastructure creates its own sets of challenges.
By framing (public, private sector) information protection – security policies and practices primarily or solely through a cyber-attack lens, which, make no mistake, is serious and warrants our full attention, in my judgment tends to give short shrift to the economic fact that 65+% of most company’s value, sources of revenue, sustainability, and ’building blocks’ for growth evolve directly from (information-based) intangible assets today, e.g., a company’s know how, intellectual property, competitive advantages, brand, reputation, image, goodwill, etc. In other words, an organization’s most valuable information assets exist as intellectual capital and thus may not be necessarily found or housed in computer and IT systems.
Information protection policies and practices dominated by an IT or cyber (risk, threat) orientation tends to minimize or even over shadow the reality that most organizations today operate in an extraordinarily competitive and predatorial knowledge-intangible asset based global economy. In such an irreversible global business (transaction) environment where information is acquired, processed, and disseminated in nanoseconds, safeguarding and securing valuable information-based intangible assets should not be conceived nor practiced solely through an IT – cyber security perspective. Instead, responsibilities for safeguarding proprietary, mission critical, and/or classified information to counter and/or sustain reasonable infrastructure operation normalcy must be embedded in our respective orientation, regardless of the format which that information exists or how it is stored which increasingly is in the form of intellectual capital.
Today, information asset protection and cyber security policies and practices must be collaborative and cross-functional initiatives. As information asset protection specialists know all too well, proprietary – sensitive business information generally percolates throughout a company or organization and is not strictly confined or limited to what is accessible solely through one’s laptop, desktop, or ‘from the cloud’. In other words, mission essential and value/revenue producing information-based intangible assets exist as intellectual, human, and structural capital and organizational capability, most of which are necessarily conducive to being reduced to electronic bits and bytes.
Information safeguard policies and practices that infer, by having a dominant IT – cyber security orientation, i.e., all valuable, important, and proprietary information (a.) evolves from, (b.) is stored in, and/or (c.) is backed-up by an IT system, can send a misleading message, e.g., if an organization’s IT system is proclaimed to be secure, presumably the organization’s valuable, sensitive, proprietary and competitive advantage information ia also be secure, which we know is not the case. Unfortunately, in today’s increasingly predatorial and incessently thirsty global environment for information that’s a message no organization – company should accept carte blanc.
For the still unconvinced, try examining the numerous, readily accessible, and quite simple (online) ‘roadmaps’ to an organization’s crown jewels, e.g., listening to cell phone conversations in hotel lobbies and airport lounges, glancing at the laptop screen of the person seated next to you, or view social media pages and profiles of key employees and/or their families. In these venues, an economic, competitive advantage, and/or national security adversary can hear, observe, and analyze content, much of which is outside the conventional cyber (computer/IT) security arena. .
It is certainly not my intent to be dismissive about the absolute necessity to rapidly identify, assess, and successfully and consistently thwart the very real risks and threats posed by cyber-attacks which, as most realize, can target specific pillars of the U.S. infrastructure, i.e., banking, healthcare, transportation, energy, defense, first responders, etc. Having effective defenses against cyber-attacks are an essential ingredient to our national and economic security and sustainability.
But, it’s equally important to recognize that both (cyber) terrorist organizations and economic/competitive advantage adversaries can acquire, with varying degrees of ease, a single company or organization’s most valuable and treasured trade secrets and competitive advantages and literally wreak economic, market, and thus a comparable level of infrastructure havoc, one company or one organization at a time. As former FBI Director Sessions is credited with saying, ‘our economic security equates with our national security’!
Cyber Security Is Not Synonymous With Protecting Intangible Assets
March 7th, 2012. Published under Intangible asset protection, Systemic Risk. No Comments.
Michael D. Moberly March 7, 2012
The attention and warnings directed to cyber security (cyber-attacks, cyber-warfare, etc.) are certainly warranted. The strategic and cascading havoc that such deliberative acts could cause to even one of a country’s infrastructure pillars are indeed real.
However, being an intangible asset practitioner and advocate, in my view, the ‘cyber’ narrative is being too narrowly framed on two counts:
One, it is strongly influenced, and perhaps correctly so, by an IT – computer security orientation supported by key professional associations that offer, sometimes very sparingly, formal acknowledgement that cyber-attacks will adversely affect critical information assets which are routinely misperceived as existing solely in formats of electronic bits and bytes.
Two, cyber-attacks (directed to the private sector especially) is routinely characterized as being the portal of choice to engage in intellectual property theft (patent information) in my view may well be misleading, if not incorrect.
Both independent and state-sponsored cyber invasions are really after (need) the ‘glue’ that literally connects intellectual property to execution or manufacturing of select – targeted innovation which of course are the intangible assets, i.e., intellectual capital, know how, competitive advantages, etc.
Framing (public, private sector) information asset protection and security policies and practices primarily through a cyber-attack lens does not recognize the economic fact that 65+% of most company’s value, sources of revenue, sustainability, and ’building blocks’ for growth today evolve directly from intangible (knowledge-based) assets including intellectual capital, proprietary know how, intellectual property, competitive advantages, brand, reputation, image, and goodwill, etc. It’s essential the cyber-narrative acknowledge a company’s most valuable assets are its intangibles which are not exclusively stored in ‘the cloud’ or in a company’s computer-IT system.
Intangible asset protection policies and practices with a dominant IT – cyber (risk, threat) orientation can minimize the equally important reality that most companies operate in an extraordinarily competitive, predatorial, and winner-take-all global economy and business transaction environment. In such an environment, all employees have a responsibility, not just those in corporate IT – cyber security units, for safeguarding valuable and mission critical intangible – information based assets, regardless of the format in which they exist, how they are stored, or how they originate.
It is also necessary to recognize that intellectual property, i.e., patents, trademarks, copyrights, and trade secrets) are actually subsets of intangible assets. So, information (intangible) asset protection and cyber security policies and practices function best if they are formulated and practiced collaboratively.
As information security specialists know, proprietary – sensitive business information often percolates throughout a company and is not strictly confined or limited to what is accessible solely through one’s laptop, desktop, or ‘from the cloud’. In other words, mission essential and value/revenue producing (intangible) assets exist as intellectual, human, and structural capital.
Information security policies/practices that are dominated by an IT – cyber security orientation infers that all valuable, important, and proprietary information (a.) evolves from, (b.) is stored in, and/or (c.) is backed-up by an IT system. Those who ardently believe this convey an extraordinarily misleading, if not erroneous message, which is, ‘if the company’s IT system is proclaimed to be secure, then the company’s sensitive, proprietary and competitive advantage information must also be secure‘. Wrong! That’s an assumption (message) no company can afford to convey, inadvertently, or otherwise.
For those still unconvinced, try listening to cell phone conversations in hotel lobbies and airport lounges, glance at the laptop screen of the person seated next to you, or view social media pages and profiles of key employees. These, sometime inadvertent ‘roadmaps’ to a company’s crown jewels which economic – competitive advantage adversaries can readily access are well outside the conventional cyber (computer/IT) security realm.
It is certainly not my intent to be dismissive about a company’s need to rapidly identify, assess, and successfully and consistently thwart the very real risks and threats posed by cyber attacks which, as most realize, can target specific centers’ of the infrastructure, i.e., banking, healthcare, transportation, energy, etc. Having effective defenses against cyber attacks is an essential ingredient (fiduciary responsibility) to national and economic security and sustainability.
But, it’s also important to recognize that both (cyber) terrorist organizations and economic/competitive advantage adversaries can acquire, with varying degrees of ease, a single company’s most valuable and treasured trade secrets and proprietary intellectual capital (intangible assets) and literally wreak economic, competitive advantage, and market havoc, one company at a time.
Systemic Risks To Intellectual Property and Intangible Assets Held By SME’s and SMM’s
October 27th, 2009. Published under Analysis and commentary, Systemic Risk. No Comments.
Michael D. Moberly October 28, 2009
The risks (threats) to the intellectual property and intangible assets held by SME’s (small, medium enterprises) and SMM’s (small, medium multinationals) are quickly rising to systemic levels!
Those systemic risks (threats) lie largely with ’insiders’ along with the proliferation of extraordinarily sophisticated and predatorial data mining, information brokering, infringement, misappropriation, and counterfeiting operations that function profitably on a global scale. The risks (threats) presented by these entities and the subsequent asset compromises that occur are persistent, assymetric, and frequently devastating to small company’s profitability, competitive advantages, and reputation, etc. Multiple respected studies consistently report that U.S. company’ losses of IP (largely attributed to insiders, infringement, theft, and misappropriation, etc.) range from $45 to $200+ billion annually.
True enough, the adverse affects/consequences of those IP – intangible asset losses/compromises incurred by U.S. SME’s and SMM’s, may not rise to the same ’systemic level’ as experienced by AIG, Lehman, or Bank of America, etc., but, they do carry adverse cascading (systemic) affects that are often equally devastating in the SME and/or SMM arenas.
BusinessDictionary.com (as noted in a previous post) defines systemic risk as the probability of loss common to all businesses, and inherent in all dealings, in other words, risk that cannot be circumvented or completely eliminated. If SME’s or SMM’s wish to expand, grow, and prosper it will be necessary and perhaps inevitable, at some point, for some or all of their IP and intangible assets to be part of a (business) transaction, and therefore, in play and therefore, at risk.
Systemic risk then, is the vulnerability, probability, and criticality associated with loss, theft, misappropriation, infringement, compromise, and/or leakage of IP (know how, trade secrets) which can constitute, for SME’s and SMM’s the equivilent of ’market shocks’ which, in turn, produce adverse ’cascading’ affects throughout an enterprise and its alliance partners, suppliers, and service providers as well.
Of course, those adverse affects are comparable to the systemic risks experienced by the financial services industry recently, i.e., defaults, bankruptcies, employee layoffs, loss of markets and market share, and competitive advantages, which unlike the bailed out and/or merged financial services sector firms, is generally irreversable and unrecoverable for SME’s and SMM’s.
Systemic Risks To Intellectual Property and Intangible Assets
October 26th, 2009. Published under Analysis and commentary, intangible assets, Systemic Risk. No Comments.
Michael D. Moberly October 26, 2009
Question; are there systemic risks to the intellectual property and intangible assets held by companies?
The phrase-term ‘systemic risk’ has a relatively long history. But, its revival, beginning in early Fall, 2008 has now become part of our ’recession lexicon’. Its subsequent wide spread use in legislative (House, Senate) committee hearings on Capital Hill wherein testifying cabinet secretaries, legislators, regulatory agency heads, and c-suites routinely evoked the term (systemic risk) as part of a seemingly self-explanatory narrative, i.e. visualized sound byte, to convey (a.) how – why financial institutions and the financial services sector was literally unraveling, and (b.) the intertwined – embedded nature/elements of the globalized financial system. Then interestingly, systemic risk was also ultimately applied as the underlying rationale for the notion of ’too big to fail’, hence the TARP bailout provisions.
One, perhaps best understood, definition of systemic risk is provided by Steven Schwarcz of Duke University School of Law wherein he described it (systemic risk) as ’the probability that cumulative losses will occur from an event that ignites a series of successive losses along a chain of (financial) institutions or markets comprising a system’.
Another, admittedly ‘cherry picked’ definition of systemic risk is provided by BusinessDictionary.com in which it (systemic risk) is defined as ’the probability of loss common to all businesses…and inherent in all dealings…risk that cannot be circumvented or eliminated’. This definition surely places the notion of systemic risk in an enterprise (IP-intangible asset) risk management (ERM) context.
A commonality embedded throughout the various definitions of systemic risk is the notion of a ‘triggering event’. A trigger is an event that causes (internal, external domino types of) consequences that adversely affects (a company’s) competitive advantages, asset value, market position, reputation, brand, image, goodwill, etc. In the case of a company’s IP and/or intangible assets, ‘triggering events’ could be the (a.) theft, misappropriation, infringement, and/or leakage, and/or (b.) significant counterfeiting or product piracy anyone of which could collectively undermine asset value, competitive position, etc.
Collectively then, this constitutes a fairly strong rationale why company’s should engage in routine monitoring, valuation, and ’stress tests’ on their IP and intangible assets. The purpose is to objectively and proactively determine if any (asset) materiality changes, value erosion, and/or undermining, etc., are occurring and prevent and/or mitigate same. Such exercises are now being recognized by management teams, boards, and c-suites alike, as useful and necessary ingredients to (a.) the effective stewardship, oversight, and management of their company’s intangible assets, and (b.) avoid costly and often times irreversible surprises!
