I’m no big fan of overly complex approaches to risk management, and recent economic events have made me even less so.

There was a great article in the Economist about a conference for the American Securitization Forum – the wonderful people that brought us all these complex debt products that are giving banks no end of bellyache. Ironically the conference was held in Las Vegas, and a wonderful quote came from hedge fund manager John Devaney, who said "I’d like to thank the market for dealing me a direct hit. As a trader if you don’t get sucker-punched every once in a while, you don’t understand what risk is."

Also, there were a few good articles last week about how money managers had retreated from the market because they’d lost faith in the ability to model risk effectively.

If only it were so easy for information risk professionals, who often protect far more than just money – we protect innovation, national security, and even human life in some cases. It’s not quite so easy for us to take a direct hit.

Financial markets have taken centuries to evolve, yet look at what can happen with their well-established risk models. Information risk modeling is still only nascent, and changing at a blistering pace. Yes, we need a more structured approach to information risk management – defining and comparing the different risks we face – but technology and business are evolving so fast that we need to temper our expectations about how scientific this can ever become.

The best quote I heard on this topic was from Hugh Voight of Solutionary, who says that "To get from New York to San Francisco, you don’t need Google Maps until you get close to the Bay Area. At first, you just need to go West."

We still just need to "Go West" when it comes to modeling information risk. Bring on the Village People!