I read an interesting article today about CIOs and the Looming Risk of Information Malpractice – a number of valid points are made including the fact that the insurance policies most businesses purchase are based on protecting against Industrial Age risks and that these insurance carriers and their policies were not structured or designed to protect against information malpractice or other such Information Age risks.
My fear is that a CIO or other senior executive might ignore the fact that any insurance policy is there to act as a safety net and does not absolve a business of establishing (and following!) good information security & privacy policies and procedures. I have not read the fine print in one of these policies, but I am sure that there will be some disclaimer indicating that insured organizations need to demonstrate “reasonable” or “sufficient” adherence to good information security practices and that the lack of these may impact claims.
It would be unfortunate but not a complete surprise if decisions are made by some executives to move away from the Layers of an Onion analogy for security to the silver bullet pursuit of purchasing technology insurance.
Wondering what this has to do with Project Portfolio Management (PPM)?
The same “elevator pitch” or airplane conversation-based desire to pursue technology insurance as a silver bullet is present in many executives’ decisions to embrace PPM practices. Unfortunately, these knee-jerk initiatives usually result in abject failure and end up impacting market credibility for a strategic discipline.