Risk Gone Wild

In late 2007, UK government workers lost two computer discs containing personal and banking data for approximately 25 million residents, information with an estimated black-market value of $2.5 billion. In early 2008, a failure at an outsourced data center in Denmark disrupted the operations of its clients—knocking out a major bank’s ATM network and halting […]

by

Jonathan Rosenoer

and

William Scherlis

by

Jonathan Rosenoer

and

William Scherlis

From the Magazine (May 2009)

Summary.

Reprint: F0905H

IT systems increasingly hold the potential to launch cascading disasters, triggered by the most trivial of incidents. A new type of risk-management culture is needed, warn these Carnegie Mellon professors, to guard against such extreme, but no longer unthinkable, events.

In late 2007, UK government workers lost two computer discs containing personal and banking data for approximately 25 million residents, information with an estimated black-market value of $2.5 billion. In early 2008, a failure at an outsourced data center in Denmark disrupted the operations of its clients—knocking out a major bank’s ATM network and halting milk delivery across the country. Then, last September, a network failure stopped trading on the London Stock Exchange on what would have been one of the busiest days of the year.

A version of this article appeared in the May 2009 issue of Harvard Business Review.

JR

Jonathan Rosenoer (jrosenoer@kpmg.com) is a partner in KPMG Global Advisory’s Financial Services practice and an adjunct professor of risk management at Carnegie Mellon University.
WS

William Scherlis (scherlis@cs.cmu.edu) is director of Carnegie Mellon’s Institute for Software Research and a professor in its School of Computer Science.

Risk Gone Wild

Partner Center

Explore HBR

HBR Store

About HBR

Manage My Account

Follow HBR