I took my family to the Concert for Diana today at the new Wembley stadium, despite hearing about yesterday’s incidents at Glasgow and in London, despite hearing about Britain being put on its highest state of security alert, despite even knowing that there would be considerably increased levels of security at Wembley as a result.
Does that make me foolhardy? I hope not, I hope I was able to assess the risks and take a balanced decision rather than be bullied out of living a normal life. My intent was not to gamble on the safety and security of my family.
Yesterday, I was informed about the explosives-laden vehicle found near Tiger Tiger in Haymarket, and considered for a few minutes what I should do as a result. Why? I was hosting a 50th Anniversary lunch for Past Presidents of the British Computer Society at the BT Tower, a location that has been the target of terrorist attacks before. My decision was to proceed with the lunch as long as the police had not issued any “Do not travel except in emergency” directives.
The BT Tower yesterday. Wembley this afternoon. Both potential terrorist targets. In between those I was at St George’s Chapel, also a potential terrorist target, attending my daughter’s school speech day. As part of his speech, the headmaster rued the increasing nanny-state-ness of the environment we live in, lamenting that our children were losing out as a result. Losing out because they weren’t able to learn about risk, about the expectation of gains or losses, about knowing whom to trust or distrust (and, more particularly, why).
This almost-institutional avoidance of risk can be seen everywhere. Many years ago, when I saw the unnecessary panic caused by Y2K, I tried to fight back. I remember using the examples of Lance-Corporal Jones from Dad’s Army, as well as Zaphod Beeblebrox from Hitch-hiker, to try and illustrate how we should behave in such circumstances. That all projects carried risk and that avoidance of risk was always expensive and often impossible as well. That instead, an understanding of the risks was what was required, along with clearly expressed mitigation strategies. That risks could be prioritised, as also the actions taken to mitigate them. That risk premia could therefore be calculated and compared against risk likelihoods and impacts, and that paying the premium wasn’t always the smart thing to do.
My employers listened. Thankfully. And we ran a lean Y2K programme.
Sadly, much of the time, this is not true. People are more apt to be Zaphod-like, allowing their glasses to turn opaque at the first sign of danger. I guess it’s a level of risk aversion that goes with large-institution blame cultures. This may be fine for many people, but I wish people were aware of what they were doing as a result. It’s a bit like Information Security telling you that your computers would not be affected by viruses if you enveloped them in six foot of concrete. For sure those computers would be virus-free. But not much use for anything else either.
It’s the same with bringing up children. A child putting its hands near a fire learns by that experience.Â That learning is important, and we need to get better at helping later generations learn rather than legislating to prevent their learning. I think it was Esther Dyson whose e-mails consistently reminded me “Always make new mistakes”.Â Which I guess was a variance of the Edisonian “I have not failed. I have found ten thousand ways that do not work.” Iteration is a critical component of agile strategy.
As we move more and more into dealing with problems of extreme scale, we’re more and more likely to use problem-solving approaches that emulate natural selection and evolution. Today, we are so enmeshed in blame cultures that organisations often get into Failure-Is-Not-An-Option syndrome. What happens in this syndrome is that people hide failure rather than prevent it, and over time that hiding culture gets deep into the organisation. This culminates in an even worse syndrome, The-Emperor’s-New-Clothes syndrome. Here, everyone knows that what they say is not true, yet no one does anything about it.
Without risk there is no learning. Without learning there is no life. We need to be careful about being too careful.
If you’re interested in reading about The Risk Management of Everything, you could do worse than read Michael Power’s tract on that subject. I loved it. [Incidentally, I notice he’s written a book recently called Organising a World of Risk Management; haven’t read it yet, will provide my comments after I get it and read it].