The majority opinions and judgments that lack objectivity cause daily problems for people and their companies. Subjectivity leads to lawsuits for damages resulting from failing to take reasonable precautions to prevent and protect customers from foreseeable disruption, such as ransomware or cyberattacks.

How accurate are your conclusions about the magnitude and frequency of future financial losses from information and system outages when a hidden percentage of your knowledge is subjective? We seek out the people who want to succeed faster with objective facts.

This article examines subjectivity, objectivity, exposures, and standing together as you reason to take runway action. Imagine a process to normalize objective facts that change decisions for funding priorities when you focus on the top 20% of problems, creating 80% of the expenses and liabilities.

Blog Image 2

Subjectivity and objectivity are different ways of reasoning.

Subjectivity

Subjectivity is based on or influenced by personal feelings, preferences, opinions, and prior knowledge. Perceptions exist within our minds that can be void of external validation. 

When people collaborate on a decision, the agreement on the facts to consider is often left unsaid. The group moves forward in contemplation as each person inserts their emotions, experiences, and personal biases into the decision outcome.

As you quickly identified, making decisions with multiple people and their unique version of the facts is problematic. The complexity of human experience and the influence one person has over others can bend the truth to become unrecognizable. 

How can you efficiently make effective decisions with perceived facts or flawed reasoning?

The ability to acknowledge subjectivity is critically important. Awareness of biases, beliefs, emotions, and opinions influencing your decisions can help you keep them from clouding your objective view.

Objectivity

An objective claim is a statement about facts that are proven true. Facts previously considered accurate may, at a future date, become false if new criteria, methods, or measurements emerge.

For example, the criteria to determine compliance may change when an amended Rule or modified contract is in place. The statement, “We are in compliance,” becomes false at that point. Even if the assertion of compliance is mostly accurate, it remains an objective claim on a factual matter.

When the focus is on the process and not the person, defensive struggles give way to corrective actions needed to reduce the cost load on your business. The new behaviors change decisions for funding priorities. 

This concept is no different than understanding the hard and soft numbers in finance. The hard numbers are mostly uncontroversial, while the soft ones depend highly on judgment. 

For example, your company purchases a new computer system. The accounting department subtracts the cost of the item over the useful life, which is called depreciation. The CEO understands and agrees that the computer system will need replacing in four years, but the CFO records the costs over six years. Who is correct, and how will this disagreement impact future profitability?

Blog Image 5

Are those who are accountable and responsible aligned within your company?

Exposures

The controls to limit exposure and under performance are frequently misunderstood and misstated. The answers to these questions will vary across contributors in your organization because the combination of objective and subjective information will differ from person to person.

Imagine that you attest (document, agree, sign) to specific fact-based questions in a subjective manner that becomes legal and binding. After disruption events such as information loss or data breach, accountability happens to company executives when the duty is to respond to stakeholders and take ownership of the consequences. 

Granted, the person responsible for securing, protecting, and recovery is usually not accountable for the financial losses. 

The decisions to fund the actions (secure, protect, and recover) depend on resources allocated by those who become liable. The information considered (subjective or objective) will impact the probability of future economic and reputational losses.

The decisions to perform the actions (secure, protect, and recover) depend on the knowledge and resources available. The information considered (subjective or objective) will impact execution and the probability of future business disruption.

Reviewing objective facts and subjective opinions increases shared knowledge and decreases resource waste. Think through the following questions as you consider your exposure. 

  • Do any organizations contract with your company to conduct their business functions?
  • Are you dependent upon vendors to operate functions within your business?
  • What is the exposure to legal, insurance, covenant, and compliance requirements?

Lawsuits

Lawsuits for damages resulting from failing to take reasonable precautions to prevent and protect customers from foreseeable ransomware cyberattacks on computer systems are on the rise.

Lawsuit complaints include and are not limited to the following:

  • BREACH OF CONTRACT
  • BREACH OF THE IMPLIED COVENANT OF GOOD FAITH AND FAIR DEALING 
  • NEGLIGENCE
  • GROSS NEGLIGENCE 
  • BREACH OF BAILMENT 
  • UNJUST ENRICHMENT
  • VIOLATION OF CONSUMER PROTECTION ACT

Cyber Policies

Cyber policies are not umbrella policies that protect against all financial losses from data breaches, ransomware, or other IT disruption events. Policy limits and exclusions may not cover cyber-enabled crimes, profits from reputation damage and diminished market share, or loss of value to stolen intellectual property. 

A voided lawsuit from your cyber insurance carrier is damaging. How would the company cover the liabilities if your insurance provider stated the misrepresentations within the cyber policy application (self-attestation claims) “materially affected the acceptance of the risk and/or the hazard assumed by the insurer” in a court filing?

Blog Image 3

Protect against the common interest dangers of subjective reality and cybercriminal attacks.

Stand and Protect Together

How can business and technical leaders efficiently move toward objective understanding? That is a great question!

Stand and protect together means it is time that team members and stakeholders work together to protect themselves from the dangers of subjective reality and cybercriminal attacks.

Maybe you tried adjusting a few variables over time, but that did not create meaningful progress. Perhaps simple omissions continue to cause problems. What would change if you applied resources to maximize value and limit disruption costs? 

If small incremental change is insufficient, you must inject new energy and focus on pursuing the objective facts. The most cost-effective means to accomplish this is through a curious and independent third party that does not have a particular interest in the situation’s outcome

There are many reasons why this method is effective. The focus is execution, including faster turnaround, more thoroughness, and greater participant objectivity.  

That is why we offer a done-with-you service. A few highlights include the following:

  • Listen to understand each contributor.
  • Establish the baseline of subjective reality across stakeholders.
  • Establish the baseline of objective facts. 
  • Review and discuss the collective findings in a non-judgmental manner.
  • Identify omitted exposures and misunderstandings.  
  • Present topics for decisions to ignore or isolate issues to focus resources.   
  • Minimize the fear of being challenged as listening and communicating become more effective.
  • Reduce capital waste when objective priorities secure funding.   

The size of the leadership team, number of locations, critical business services, and number of evaluated contracts determine the investment required for this service. Other variables include the scope of in-house versus outsourced IT, cyber policy attestation review, and availability of documentation. 

We aim to delight you with the insights. The outlined Runway budget numbers help you determine your relative position and how we can best serve you, as follows:

Runway Starter begins at $9,000

  • Baseline Variance Report
  • Critical Services Report
  • Omitted Exposures Report (top 3 from two documents)
  • Fundamental Concerns Summary
  • Delivered remotely in less than one month

Runway Standard initiates at $25,000

  • Runway Starter
  • Critical and Essential Business Services Report 
  • Omitted Exposures Report (top 10 from five documents)
  • Controls Integrity Report
  • Objective and Subjective Obstacles Summary
  • Delivered on-site and remotely in less than two months

Runway Precision starts at $100,000

  • Runway Standard
  • Omitted Exposures Report (top 30 from ten documents)
  • Compliance Cohesion and Observation Report
  • Delivered on-site and remotely in less than six months

This thorough process brings leadership and subject matter experts together collaboratively to establish criteria for success and how progress is measured. How you apply resources to maximize value and limit disruption costs will become more evident.

Payback Period

What is the payback period? That depends on the current state of your business and the magnitude of underlying subjectivity. 

A few questions to consider include:

  • How many periods will leadership accept negative profit margins after an incident?  
  • How long can the company cover payables and delayed receivables during disrupted conversion cycles?
  • How will new expenses and debt service impact future free cash flow?
  • How numerous and costly are the lawsuit complaints and reputational damage?  

When you focus on the 20% of problems creating 80% of the expenses and liabilities, your life will never be the same. You can normalize the objective facts and change decisions for funding priorities.

Blog Image 4

Let’s illuminate your path forward.

Reasoning Plan

We established that decision-making with multiple people and their unique versions of the facts is problematic. How accurate is your understanding of cybersecurity within your business today when a hidden percentage of your current knowledge is subjective?   

  • Should you prevent and/or mitigate cyber-attacks by acquiring and implementing reasonable and available cybersecurity precautions? 
  • Should you enlist more expeditious cyber remedies to respond to ransomware attacks? 
  • Should you have a functional business continuity plan designed to mitigate the interruption of services upon an event that could reasonably be expected to materially disrupt your organization’s ability to perform during a cyberattack?

Several factors influence your decisions, including weighted values for perception and understanding. Mistaking subjectivity for objectivity is problematic when no other sensible person can agree, given the facts. This scenario makes course correction difficult.

Do you ever have any of these thoughts?

  • I don’t see the value of investing in cybersecurity.
  • When protecting our business information, I do not know who to trust.
  • It is too hard to figure out what we should be doing now.
  • I worry that the information given to me is not accurate. 
  • I assume we are protected because we spend a lot of money.
  • I don’t know what I do not know, which makes me afraid to ask.
  • I’m worried about discoveries and how this information will reflect upon me.
  • I’m overwhelmed with too much work, so this is not a priority.
  • I don’t have enough money to invest in fixing everything that needs reworking.

This confidential process intends to bring forth objective clarity about your operation exposures. You will establish a new baseline of understanding from which to make decisions. 

How would a greater focus on objectivity change future decisions for the better? 

The business and technical commitment to objectivity could save the company several hundred thousand or millions of dollars. The alternative is to allow subjectivity to compromise you and your decisions.

We seek out the persons who want to succeed faster with objective facts. We welcome discussion about your future decision-making path if you find objectivity actionable. 

As a proud supporter of American companies, Certitude Security® is working diligently to define the specific points of truth. Together with business and technical leaders to facilitate essential asset protection priorities for companies throughout the United States.

We welcome your thoughts and questions. To initiate a dialogue, visit the Contact Us page to submit your message or use the Schedule button to coordinate a conversion.