In episode 41 of the Data Modernization Minute, Wayne Sadin explains that CIOs can learn from the recent Southwest Airlines meltdown, starting with a lesson about IT risks.
00:18 — Over the holidays, Southwest Airlines had to cancel an enormous amount of its flights. Wayne identifies two lessons pertaining to IT risks and technical debt that CIOs can gain from this.
01:12 — When talking about IT risk in a board meeting, Wayne considers what might monopolize the conversation. Ransomware disruption, defalcation, and inadvertent disclosure will all be top of mind because cybersecurity is a real risk. Each of these threat actors is trying to steal data to get companies to shut down.
01:48 — Will your systems fail or hold up under stress? This should be the first thing the CIO discusses with the C-suite. Other areas to discuss include identifying:
- The types of stress that could impact your system
- When stressors occur
- How to test them and prepare for them
02:36 — Another area of concern is project failure. When implementing a new system, have you put in the necessary controls to ensure it cuts over smoothly, transfers all the data that it should, and lets people operate?
02:55 — Wayne shares an example of an implementation project going wrong. Have you considered the implications of a project failing? How can you minimize that risk by timing a big bang into multiple little bangs through risk mitigation techniques?
03:31 — There’s always the risk of not delivering at all. If your competitors are moving forward and your organization can’t move forward, that puts the company at risk.
03:56 — If a physical disaster strikes, it could impact several areas of your business. How do you plan for that? Boards and C-suites should be having conversations with the CIO about disaster recovery risk:
- What are your risk tolerances?
- What are the minimum and maximum risks you can take?
- Where are your guardrails of cost vs. risk?
- What can be done to ensure it stays within the risk tolerance that the board has set for that function?
05:25 — The lesson that Wayne highlights from Southwest Airlines is that if your systems fail for reasons other than cybersecurity, it will still look just as bad and can be just as damaging to your company. Look at all of your IT risks and don’t just focus on one.
Looking for more insights into all things data? Subscribe to the Data Modernization channel: